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PATHLIGHT  VX 

Disk-Based  Backup 


Looking  at  disk-based 
backup  but  not  sure  how 
to  make  it  happen?  Get 


the  smarter  disk  backup 
solution — Path  light0  VX  2.0 
from  ADIC,  the  leading 
provider  of  tape  libraries 
for  open-systems  backup.  * 


Visit  www.adic.com/pvx to  get  your  free  GlassHouse  white  paper 

by  W.  Curtis  Preston,  Evaluating  Disk-Based  Backup  Solutions. 


Smarter  disk-based  backup.  Pathlight  VX  2.0  uses  advanced  policy-based  data  management  to 
merge  the  capacity  of  disk  and  tape  into  a  single,  unified  solution.  Disk  gives  you  twice  the  backup 
performance  of  conventional  libraries — and  even  faster  restore.  Tape  delivers  scalability,  value, 
secure  retention,  and  flexible  disaster  recovery.  You  get  the  best  of  both  technologies  in  a  single 
solution  that  slips  right  into  your  existing  backup  system. 


Clear  investment  protection.  With  Pathlight  VX  2.0,  you  can  boost  your  backup  and  restore 
whether  you  need  a  system  for  3.8  TB  or  3,000  TB — and  pay  a  lot  less  for  it.  You  can  even  use  your 
own  tape  library  as  part  of  the  system— tape  storage  can  be  supplied  by  one  of  ADIC's  intelligent 
Scalar®  libraries,  or  by  your  legacy  StorageTek  L-Series™  system. 


Room  to  grow,  smarts  to  save.  Pathlight  VX  2.0  delivers  all  the  performance  of  disk  and  the  fault 
tolerance  of  RAID,  but  it  also  scales  to  meet  enterprise  capacity  demands  and  grows  easily  with  your 
data — and  it  can  cut  your  costs  in  half  or  more  compared  to  conventional  products. 


'Market  share  from  Gartner  Dataquest,  Tape  Automation  Systems  Market  Shares,  2003,  F.  Yale,  April  2004. 
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Govt  braces  for  key  security  standard 

Department  of  Defense  could  feel  biggest  impact  of  new  smart-card  rules. 


■  BY  ELLEN  MESSMER 

The  National  Institute  of  Stand¬ 
ards  and  Technology  last  week 
raced  to  meet  a  weekend  dead¬ 
line  to  issue  a  smart-card  stan¬ 
dard  that  will  be  the  basis  for  pro¬ 
ducts  that  give  federal  employees 
and  contractors  secure  access  to 
networks  and  buildings. 

President  Bush  imposed  the 
deadline  last  August  in  a  directive 
aimed  at  improving  government 
security  by  having  a  common 
access  technology  adopted  by 
next  year. 

The  arrival  of  the  Federal  Infor¬ 
mation  Processing  Standard 
(FIPS)  201  is  being  met  with  a 
mix  of  optimism  and  anxiety  If  it 
works  out,  the  standard  could 
provide  a  framework  for  adop¬ 
tion  outside  the  federal  govern¬ 


ment.  But  more  immediately  gov¬ 
ernment  agencies  are  concerned 
about  its  costs  and  practical 
implementation. 

The  Department  of  Defense,  the 
government’s  biggest  user  of 
smart  cards,  is  most  worried. 

“We  expect  we’re  going  to  have 
to  make  some  changes,”  says 
Mary  Dixon,  deputy  director  at 
the  department’s  Defense  Man¬ 
power  Data  Center.The  group  has 
issued  more  than  3  million  smart 
cards  based  on  the  older  Govern¬ 
ment  Smart  Card  Interoperability 
Specification  (GSCIS). 

In  comments  to  NIST  last  De¬ 
cember  on  the  draft  standards 
document,  the  Defense  Depart¬ 
ment  said  FIPS  201  would  force  a 
“costly  re-investment”  that  would 
“require  [Department  of 
Defense]  to  re-deploy  desktop 


it  The  whole  process  has 
gone  through  highs  and  lows 
in  terms  of  communications 
between  staff  at  NIST,  indus¬ 
try  and  the  government  agen¬ 
cies  involved.il 

Randy  Vanderhoof 

Executive  director,  Smart  Card  Alliance 


middleware  to  2.2  million 
[Defense  Department]  comput¬ 
ers,”  update  3.5  million  Common 
Access  cards  and  “impose  an  un¬ 
proven  solution  with  no  support¬ 
ing  product.” 


Satellite  services  improving 
but  demand  for  them  still  iffy 


■  BY  TIM  GREENE 

A  new  battery  of  high-band- 
width  satellites  holds  the 
promise  of  broadband  wireless 
access  to  corporate  networks, 
but  land-based  technologies 
such  as  DSL  and  wireless  alter¬ 
natives  like  WiMAX  could  leave 
providers  of  satellite-based  very 
small  aperture  terminal  services 
frustrated  trying  to  drum  up 
additional  customers. 

So-called  Ka-band  satellites, 
some  already  aloft  and  others  to 
be  launched  later  this  year,  sup¬ 
port  downloads  up  to  30M  bit/ 
sec  for  businesses  and  2M  bit/ 
sec  uploads.  This  is  a  vast  im¬ 
provement  over  the  previous 
technology  called  Ku-band, 
which  supported  1.5M  bit/sec 
broadcast  downloads  but  very  lit¬ 
tle  capacity  for  return  traffic. 

Traditionally  used  to  reach  sites 
that  could  not  be  reached  by  any 


Growing  satellites 

The  use  of  corporate 
satellite  services  is  pre¬ 
dicted  to  continue  to  grow 
over  the  next  few  years. 

Enterprise  sites  using  IP  VSAT 

(in  thousands) 

1,078.1 


2004  2005  2006  2007  2008  2009 

SOURCE:  NORTHERN  SKY  RESEARCH 


other  means  to  support  applica¬ 
tions  that  didn’t  require  much 
two-way  talk,  the  U.S.  satellite  mar¬ 
ket  has  been  dominated  by 
Hughes  Network  Systems  and 
Spacenet,  which  combined  han¬ 
dle  about  90%  of  business  cus¬ 
tomers.  Most  of  the  customers  for 
VSAT  have  been  retail  chains 
using  the  connections  to  send 
and  receive  daily  sales  and  inven¬ 
tory  data  to  headquarters.  Higher, 
more  symmetric  bandwidth 
makes  the  technology  attractive 
to  businesses  with  more  general 
network  needs. 

Despite  its  promise,  use  of 
Ka-band  satellites  for  data  ser¬ 
vices  faces  challenges  because 
of  the  high  price  of  ground 
equipment  needed  to  support  it 
and  decisions  to  use  it  for  high- 
definition  TV  signals  rather  than 
corporate  data. 

“The  expectation  for  years  was 

See  Satellite,  page  17 


The  government  did  not  release 
estimated  costs  to  pay  for  Bush’s 
mandate. 

“[Department  of  Defense]  CIOs 
and  program  managers  will  be 
hard-pressed  to  explain  and 
defend  this  decision  to  their 
senior  leadership,”  the  depart¬ 
ment  stated  in  its  comments  to 
the  NIST,  and  added  that  the  draft 
standard  is  at  odds  with  changes 
planned  by  the  agency  this  year. 
The  Defense  Department  did  not 
divulge  those  changes. 

Dixon  says  the  Defense  Depart¬ 
ment  will  lobby  for  changes  in 
FIPS  201  right  up  until  its  official 
publication. 

The  two  NIST  engineers  who 
wrote  FIPS  201,  Cliff  Barker  and 
Jim  Dray  aren’t  oblivious  to  the 
concerns  surrounding  the  emerg¬ 
ing  standard. 

“The  majority  of  the  controver¬ 
sies  we  enjoyed  in  the  last  few 
months  are  due  to  the  legacy 
issues  of  the  GSCIS  world,”  said 
Dray  said  during  a  presentation 
he  made  two  weeks  ago  at  the 
RSA  Conference.  “But  card  man¬ 
agement  was  one  of  the  main 
things  missing  from  GSCIS  v.2.1.” 

Standard  specifics 

The  smart-card  platform  ex¬ 
pected  to  be  unveiled  this  week  is 
a  “virtual  machine  card”  with 
common  namespace  definition, 
management,  file  IDs  and  appli¬ 
cation  IDs. 

The  standard  also  will  define 


procedures  for  establishing  user 
identity  before  issuing  a  smart 
card.  The  NIST  engineers  said 
agencies,  which  use  smart  cards 
for  access  to  networks  or,  less 
commonly  buildings,  are  going  to 
have  to  get  on  board. 

“We  don’t  think  it’s  going  to  be 
possible  to  have  business  as  usual 
for  agencies  that  don’t  want  to 
change,”  Dray  said. 

The  smart-card  standard  is  ex¬ 
pected  to  have  two-fingerprint 
biometrics  and  a  digital  certifi¬ 
cate  for  authentication.  The  smart 
card  would  support  both  “contact- 
based”  and  radio  frequency  iden¬ 
tification  (RFID)-based  “contact¬ 
less”  methods  for  sharing  data. 

The  contactless  method  has 
been  controversial  because  of  the 
concern  that  “you  could  come 
behind  someone  in  an  elevator 
and  pull  the  biometric  off  a  card 
using  an  RFID  reader]’  says  Dave 
Enberg,  CTO  at  CoreStreet,  which 
makes  identity  management  and 
access  control  products  for  physi¬ 
cal  and  logical  systems. 

“The  whole  process  has  gone 
through  highs  and  lows  in  terms 
of  the  communications  between 
staff  at  NIST,  industry  and  the  gov¬ 
ernment  agencies  involved,”  says 
Randy  Vanderhoof,  executive  di¬ 
rector  of  the  Smart  Card  Alliance 
in  Princeton  Junction,  N.J.,  whose 
members  include  manufacturers 
such  as  Axalto  and  Gemplus. 

Vendors  to  the  government  will 
inspect  the  published  standard 
for  how  “tight  the  FIPS  201  specifi¬ 
cation  would  be  in  defining  spe¬ 
cific  card  data  files  and  smart 
cards  that  would  render  existing 
systems  incompatible.”  He  adds: 
“The  ‘must’  vs.  ‘may’  vs.  ‘should’  is 
critical  to  this  process.” 

Two  technical  documents  from 
NIST,  Special  Publications  80073 
and  80076  expected  out  in 
March,  will  further  define  smart 
card  hardware  and  biometrics 
requirements. 

Gary  Kleinfelter,  vice  president 
of  engineering  at  Fargo  Elec¬ 
tronics  and  chair  of  a  group 

See  FIPS,  page 
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Qwest  ups  ante  in  bid  for  MCI 

■  Qwest,  in  its  effort  to  lure  MCI  away  from  rival  Verizon,  last  week 
made  a  new  bid  for  MCI  that  guarantees  the  price  it  will  pay  to  MCI 
stockholders.  Qwest’s  new  offer  would  continue  to  pay  $24.60  per 
share  in  cash  and  stock  to  MCI  stockholders,  in  a  deal  worth  about 
$8  billion,  the  same  price  Qwest  offered  Feb.  11.  However,  the  new 
Qwest  bid  would  guarantee  that  purchase  price,  unlike  a  rival  bid 
from  Verizon,  and  it  would  allow  a  faster  payout  to  MCI  stockhold¬ 
ers  than  Qwest’s  previous  bid.  MCI  executives  on  Feb.  14  accepted  a 
deal  from  Verizon  worth  about  $6.7  billion,  arguing  that  the  larger 
and  more  profitable  Verizon  would  be  the  best  long-term  fit  for  MCI. 
Stockholders  still  would  have  to  approve  that  deal.  MCI  issued  a 
short  statement  Thursday:  “MCI’s  Board  will  conduct  a  thorough 
review  of  the  Qwest  offer,  as  it  has  with  all  previous  offers.” 


IETF  taps  IBMer  as  new  leader 

■  The  IETF;  the  Internet’s  premier  standards-setting  body,  has  selected  IBM  researcher 
Brian  Carpenter  as  its  new  chair.  The  appointment  will  be  made  official  March  9  at 
the  group’s  meeting  in  Minneapolis.  Carpenter  replaces  Harald  Alvestrand,  a  Cisco 
fellow  who  resigned  the  post  after  four  tumultuous  years  spent  restructuring  the 
group’s  administrative  processes  and  improving  its  financial  situation.  Alvestrand  will 
return  to  a  full-time  post  with  Cisco  in  Norway  this  summer.  Carpenter  is  a  distin¬ 
guished  engineer  with  IBM’s  Systems  Research  Group  at  its  Zurich  Research  Lab  in 
Switzerland.  Carpenter  has  been  active  in  the  IETF’s  development  of  IPv6,  a  long- 
awaited  upgrade  to  the  Internet’s  main  protocol,  IPv4.  Carpenter  has  co-authored  21 
IETF  standards  known  as  RFCs. 

IBM  adding  oomph  behind  iSeries 

■  IBM  last  week  promised  to  give  its  midrange  iSeries  servers  a  boost,  saying  that  it 
would  provide  $1  billion  in  services  and  support  to  thousands  of  software  partners  over 
the  next  few  years  to  help  accelerate  the  development  of  applications  and  tools  for  the 
iSeries  platform.  Big  Blue  has  been  stressing  its  commitment  to  the  iSeries  for  the  past 
couple  years,  launching  television  and  magazine  ads  extolling  the  reliability  and  flexi¬ 
bility  of  the  platform,  formerly  the  AS/400.  Last  year,  IBM  advanced  the  hardware  piece 
of  the  puzzle,  rolling  out  iSeries  servers  based  on  its  Bower5  processor.  Now  the  focus  is 


“And  now,  the  moment  you’ve 
been  waiting  for:  the  demonstration 
of  Solaris  10’s  new  secure 
execution  capability. . 


Props  to  Wes  Toman  of 
Ottawa,  Ontario,  who  put 
the  words  in  Sun  COO 
Jonathan  Schwartz's  mouth  and  beat  a  tough  field  of  competitors 
for  bragging  rights  this  week.  Check  back  every  Monday  for  the 
start  of  a  new  contest. 
www.nwfusion.com/weblogs/layer8 
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■  If  Good  h&Bad  nsUgly 


Stopping  “spim.’  '  A  New  York  man  has  been  arrested  and  charged  with 
sending  out  unsolicited  instant  messages,  marking  the  first  known  case  of  criminal 
action  being  taken  against  someone  accused  of  sending  “spim,"  or  instant-message 
spam.  The  man  was  charged  with  violating  the  federal  CAN-SPAM  Act  after  allegedly 
sending  more  than  1.5  million  instant  messages  advertising  mortgage  refinancing 
services  and  adult  pornography  to  users  of  MySpace.com's  IM  service,  according  to 
a  statement  from  U.S.  Attorney  Debra  Yang.  Read  more  about  the  case  on  page  34. 


DAH  Z.  JONES 


Mouse  trap.  Swedish  telecom  operator  TeliaSonera  is  fingering  hungry  field 
mice  as  culprits  in  a  20-hour  telephone  blackout  in  the  country  last  week,  according 
to  a  Reuters  report.  The  mice  gnawed  through  fiber-optic  cables,  nixing  fixed-line 
phone  connections  for  1,500  homes  and  affecting  mobile  phone  service,  the  report 


si  Laptop  looting.  Government  contractor  SAIC  has  reported  a  break-in 
to  its  corporate  facilities  in  San  Diego,  during  which  laptop  computers  were  stolen 
containing  personal  information  about  the  company's  stockholders.  The  company 
has  notified  current  and  former  stockholders  of  the  break-in  to  alert  them  of  potential 
ensuing  identity  theft,  although  officials  say  they  have  no  reason  to  believe  that  was 
the  intent  of  the  crime,  which  also  included  the  theft  of  other  unspecified  items. 


on  hardening  software  support  for  the  boxes,  says  Doug  Fulmer,  worldwide  sales  execu¬ 
tive,  iSeries  e-business  infrastructure  at  IBM.  Today,  the  iSeries  can  support  i5/OS  —  an 
updated  OS/400  operating  system  —  AIX,  Windows  and  Linux,  giving  users  greater  flex¬ 
ibility  (New  doings  for  xSeries.see  story  page  23.) 

Microsoft  hikes  prices  on  SQL  upgrade 

■  Microsoft  last  week  detailed  increased  pricing  and  new  features  for  its  long-awaited 
SQL  Server  2005  database,  which  is  expected  to  ship  this  summer. The  newest  version  of 
the  software,  code-named  Yukon  and  in  development  for  the  past  four  years,  includes  a 
new  edition  for  small  businesses  and  as  much  as  a  25%  price  increase  for  the  Standard 
Edition  and  20%  increase  for  the  Enterprise  Edition.The  new  edition,  called  Workgroup, 
has  been  introduced  for  the  2005  edition  and  retrofitted  into  the  available  versions  for 
SQL  Server  2000.  It  includes  support  for  up  to  3G  bytes  of  data,  the  Management  Studio 
tools  and  a  feature  called  Backup  Log  shipping  for  disaster  recovery.  Many  of  the  fea¬ 
tures  Microsoft  has  added  to  the  Enterprise  and  Standard  Editions  of  SQL  Server  2005 
are  to  keep  pace  with  rivals  Oracle  and  IBM,  experts  say  The  final  release  of  the  database 
is  expected  in  July  or  August. 


Introducing  DuPont™  certified  limited  combustible  cable.  In  the  event  of  a  fire,  securing  your 
business’  uptime  is  crucial.  The  data  communications  cable  you  choose  could  play  a  key  role  in 
protecting  your  network  technology  investment.  DuPont™  certified  cable  produces  20  times  less  smoke 
than  other  plenum  rated  cables.  And  less  smoke  means  less  costly  downtime,  making  it  the  most 
advanced  fire  safety  cable  technology  available  today.  To  learn  more  about  DuPont ™  certified  limited 
combustible  cable  or  to  request  a  free  CD,  log  on  to  teflon.com/cablingmaterials  or  call  1-800-207-0756. 
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EMC  adds  quick 
search,  charge- 
back  functions 


■  BY  DENI  CONNOR 

EMC  this  week  is  expected  to 
announce  enhancements  to  its 
storage  system  that  make  it  easier 
for  users  to  find  files  and  deter¬ 
mine  the  amount  of  capacity 
they  are  using. 

Called  Centera  Seek,  the  soft¬ 
ware  is  a  search  facility  that 
indexes  the  metadata  kept  for 
files  stored  on  its  Centera  system. 
EMC  also  will  launch  Centera 
Chargeback  Reporter,  software 
that  will  let  IT  managers  charge 
departments  or  business  units  for 
using  Centera. 

Centera  is  EMC’s  system  for 
archiving  fixed  content  —  files 
such  as  medical  images,  e-mail 
archives  or  check  images  that 
don’t  change  over  time  and  need 
to  be  saved  for  government  and 
regulatory  compliance. 

Introduced  in  April  2002, 
Centera  is  a  centerpiece  of  EMC’s 
information  life-cycle  manage¬ 
ment  strategy  in  which  data  is 
stored  on  media  based  on  its 
value  to  the  organization.  Each 
Centera  box  consists  of  a  number 
of  nodes  that  can  provide  as 
much  as  4 IT  bytes  of  capacity 
per  rack.  Individual  nodes  can  be 
clustered  for  as  much  as  a 
petabyte  of  capacity 

When  data  is  stored  on  Centera, 
it  is  assigned  a  unique  content 
address  and  a  metadata  refer¬ 
ence.  Customers  retrieve  Centera 
data  by  writing  custom  scripts  or 
applications  that  search  the  sys¬ 
tem  for  the  metadata  references. 

The  Seek  technology  indexes 
the  content  addresses  and  meta¬ 
data  and  lets  users  perform 
queries  to  extract  and  retrieve 
data  without  using  custom  scripts 
or  applications. 

“Seek  is  constantly  monitoring 
what’s  in  the  library  so  you  can 
just  go  to  that  catalog  to  find 
something  when  you  need  it,” 
says  Randy  Kerns,  a  senior  analyst 
for  Evaluator  Group. 

Centera  Chargeback  Reporter, 
which  requires  Centera  Seek, 
continually  monitors  Centera 
and  the  files  stored  on  it.  Because 
it  always  has  an  up-to-date  pic¬ 
ture  of  Centera’s  contents,  admin¬ 
istrators  can  use  it  to  charge  divi¬ 
sions  or  departments  for  their  use 
of  Centera  storage.  Charges  also 


Quick  queries 

With  Centera  Seek,  users 
can  retrieve  fixed 
content  from  EMC’s 
Centera  storage  system 
without  using  custom 
scripts  or  applications. 

Centera  Seek  server 


Centera  storage  system 


Patient  Medical  Other  files 

records  images 


can  be  by  application  such  as 
email  or  medical  images. 

“Being  able  to  report  who 
those  users  are  and  how  much 
capacity  they’re  using  lets  IT 
administrators  deliver  feedback 
to  customers  of  their  consump¬ 
tion  on  almost  an  instantaneous 
basis,”  says  William  Hurley,  a 
senior  analyst  for  Enterprise 
Strategy  Group. 

EMC’s  Centera  competes  with 
HP’s  Reference  Information  Stor¬ 
age  System,  IBM’s  TotalStorage 
DR550,  Permabit’s  Permeon  and 
Network  Appliance’s  NearStore 
R200.  Unlike  these  other  prod¬ 
ucts,  EMC’s  Centera  allows  query¬ 
ing  of  data.  Like  Permabit’s  Perm- 
eon,  Centera  indexes  the  meta¬ 
data  repository 

Centera  Seek  and  Chargeback 
Reporter  require  a  dedicated 
server  running  Red  Hat  Linux 
Enterprise  Server  3.0.  Centera 
Seek  starts  at  $4,000  for  four 
Centera  nodes. 

Centera  Chargeback  Reporter 
is  $1 ,000  for  four  nodes.  Both  are 
expected  to  be  available  at  the 
end  of  March.* 


IBM  to  enhance  WebSphere 
information  integration  wares 


■  BY  ANN  BEDNARZ 

IBM  is  readying  the  next  version 
of  its  information  integration  plat¬ 
form,  which  will  tie  together  data 
retrieval,  content  management 
and  search  technologies  in  an  ef¬ 
fort  to  make  it  easier  for  users  to 
establish  order  over  data  re¬ 
sources. 

Code-named  Serrano  after  the 
chili  pepper,  the  next  version  of 
IBM’s  WebSphere  Information 
Integrator  portfolio  will  feature 
enhanced  search  technology  that 
uses  natural  language  processing 
to  derive  meaning  from  corporate 
documents. 

The  revised  platform,  due  to 
ship  by  year-end,  will  include 
tools  that  can  discover  and  draw 
conclusions  about  potential  rela¬ 
tionships  between  different  data 
sources, says  Nelson  Mattos,  direc¬ 
tor  of  information  integration  at 
IBM.  For  example,  the  tools  could 
find  an  Oracle  database  contain¬ 
ing  customer  information  and  an 
IBM  database  containing  sales 
transactions  “and  be  able  to 
understand  what  these  databases 
contain  and  infer  relationships 
that  may  exist  between  the  data,” 
Mattos  says. 

The  platform  also  will  combine 
content  management  features, 
such  as  the  ability  to  alter  and 
annotate  documents,  with  search 
capabilities.  “With  the  Web  you 
are  dealing  with  documents  you 
don’t  own,  but  in  an  enterprise 
environment  where  teams  have 
to  work  together,  being  able  to 
find  documentation  and  then 
add  information  to  it  is  extremely 
important,”  Mattos  says. 

Interest  in  information  integra¬ 
tion  technology  is  growing  as 
companies  look  for  ways  to  cre¬ 
ate  a  consolidated  view  of  data 
scattered  across  myriad  internal 
and  external  systems.  The  tech¬ 
nology  lets  users  aggregate,  syn¬ 
chronize  and  query  data  that’s 
physically  scattered  as  if  it  were  in 
one  repository  Instead  of  copying 
data  to  a  central  repository  infor¬ 
mation  integration  technology 
lets  data  remain  at  the  source 
while  creating  a  virtual  integrated 
view  that  resides  in  memory  and 
can  be  queried  as  needed. 

A  key  feature  of  information 
integration  technology  is  the  abil¬ 
ity  to  handle  both  structured  and 
unstructured  data  sources,  says 
Susan  Aldrich,  senior  vice  presi¬ 
dent  at  Patricia  Seybold  Group. 


Today  as  much  as  85%  of  infor¬ 
mation  inside  a  company  is  in  the 
form  of  unstructured  documents, 
such  as  e-mail  and  word-process¬ 
ing  files,  as  opposed  to  structured 
relational  databases,  Aldrich  says. 

“If  you  go  back  10  years,  it  was 
pretty  much  assumed  that  any 
information  that  was  worth  any¬ 
thing  was  in  a  relational  database, 
carefully  tended  and  guarded,” 
she  says.  “Now  instead  of  having 
only  a  very  controlled  group  and 
set  of  applications  that  create 
data,  suddenly  everybody  creates 
electronic  information.” 

Corporations  are  turning  to  in¬ 
formation  integration  technology 
for  help.  Along  with  IBM,  data 
management  heavyweights 
Microsoft  and  Oracle  are  eyeing 
the  information  integration  mar¬ 
ket,  as  are  data  warehousing  ven¬ 
dors  such  as  Informatica;  search 
vendors  such  as  Fast  Search  & 
Transfer;  and  a  crop  of  specialists 
such  as  Ascential  Software,  Avaki 
and  Composite  Software. 

Most  recently  Informatica  rein¬ 
forced  its  claim  on  the  market,  un¬ 
veiling  a  product  road  map  last 


week.  Informatica  is  planning 
three  major  releases  of  its  Power- 
Center  platform  over  the  next  two 
years,  starting  with  FbwerCenter 
Advanced  Edition. 

The  new  version,  due  to  ship  in 
March,  bundles  Informatica’s  cur¬ 
rent  FbwerCenter  data  integration 
platform  with  its  SuperGlue  meta¬ 
data  management  tools,  and 
PowerAnalyzer  viewing  and 
reporting  features.  The  release 
adds  team-based  development 
tools  designed  to  streamline 
processes  among  multiple  devel¬ 
oper  teams  and  grid  capabilities 
that  let  users  run  FbwerCenter  on 
a  heterogeneous  server  grid. 

The  next  two  releases  on  tap 
from  Informatica  are  code-named 
Zeus  and  Hercules.  Zeus,  due  in 
the  fall,  are  focused  on  expanding 
the  platform  to  let  users  tie  in 
external  data  sources.  The  Hercu¬ 
les  edition  of  FbwerCenter,  due  in 
fall  2006,  is  Informatica’s  imple¬ 
mentation  of  a  service-oriented 
architecture  platform  that  lets 
users  choose  batch-mode,  real¬ 
time  or  on-the-fly  data  integration, 
for  example, as  projects  require.* 


_ NetworkWorld 

Renovator 

Award 

Have  you  overhauled  your  network  and 

realized  a  substantial  ROI,  discovered 

a  significant  new  business  opportunity  or 

found  a  creative  way  to  leverage  technology? 

If  so,  get  in  the  running  for  Network  World’s  new  Renovator 
Award,  the  top  winners  of  which  will  be  honored  at  a 
celebration  in  Las  Vegas  during  the  NetWorld+Interop 
conference,  May  3-5. 

Entries  will  be  judged  by  a  panel  of  Network  World  editors, 
columnists  and  industry  experts.  Winners  will  be  presented 
an  award  at  the  celebration  and  profiled  in  a  subsequent 
Network  World  story. 

Stand  up  and  be  counted. 


Inter  today  at  www.nwfusion.com/renovator2005.html, 
DocFinder:  5951. 

All  entries  must  be  received  by  March  28, 2005. 

Sponsored  by 


Oracle  Grid 


All  Your  Databases 


^  No  wasted  capacity 
y  no  wasted  money 
y  No  single  point  of  failure 


Oracle  Grid 
It's  fast...  it's  cheap... 
and  it  never  breaks 


oracle.com/grid 
or  call  1.800.633.0753 


Note:  'Never  breaks'  indicates  that  when  a  server  goes  down,  your  system  keeps  on  running. 


Copyright  ©  2005,  Oracle.  All  rights  reserved.  Oracle  is  a  registered  trademark  of  Oracle  Corporation  and/or  its  affiliates. 
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Wireless  to  take  off  at  Vegas  airport 


■  BY  JOHN  COX 

Between  the  wireless  LAN  switches 
and  the  radio  frequency  identifi¬ 
cation  system,  McCarran  Inter¬ 
national  Airport  in  Las  Vegas  is  spend¬ 
ing  serious  money  to  go  wireless.  And 
that’s  not  even  counting  what  it  paid  for 
used  luggage. 

The  switches  are  for  the  airports 
recently  unveiled  no-charge  wireless 
Internet  access  services  for 
passengers.  The  luggage 
was  used  early  this  year  to 
run  an  extensive  battery  of 
tests  on  the  first  part  of  a 
$120  million  baggage  sys¬ 
tem  that  exploits  RFID  tags 
and  will  boast  4  miles  of 
conveyor  belts. 

“We  bought  just  about 
every  piece  of  used  lug¬ 
gage  we  could  find  at 
Salvation  Army  stores  and 
other  places,"  says  Samuel 
Ingalls,  McCarran’s  assis¬ 
tant  director  of  aviation, 
information  services.  “We 
cleaned  them  out.” 

The  luggage  was  hauled 
to  the  Air  Cargo  Terminal, 
chosen  to  be  the  first  site 
for  what  eventually  will  be 
an  airport-wide  automated 
system  to  collect,  screen 
and  X-ray  luggage,  and  then  parcel  it 
out  on  time  to  the  gates  to  load  onto 
jets.  The  Air  Cargo  site  also  will  be 
used  to  screen  luggage  checked  in 
from  offsite  locations  such  as  hotels 
and  resorts.  Later  this  year,  bags  from 
those  sites  will  arrive  at  this  terminal, 
run  through  screening  and  then  pass 
along  the  conveyor  system  being  built 
at  the  other  terminals. 

Early  tests  look  good 

The  RFID  tests  at  the  terminal  have 
been  impressive,  Ingalls  says. 

Bags  with  read-only  RFID  tags  pass 
along  the  conveyors  through  gate-like 
RFID  readers  (see  graphic).  A  radio 
chip  in  each  tag  sends  out  a  signal  that 
is  picked  up  by  the  gate’s  antenna  array 
The  tags  transmit  a  unique  10-digit  ID 
number,  which  is  forwarded  along  with 
a  time  stamp  to  a  secure  Oracle  data¬ 
base  that  associates  the  information 
with  passengers’  personal  data  and 
flight  information. 

Until  now,  each  airline  at  McCarran 
had  its  own  tagging  system  based  on 
bar  codes,  which  have  to  be  read  by  a 


laser  scanner.  The  scanner  must  have  a 
clear  line  of  sight  to  the  tag.  But  scans 
can  fail  to  register  because  of  dust  on 
scanning  heads,  inclement  weather  in 
areas  near  jets  or  misaligned  print 
heads  that  smear  part  or  all  of  the  bar¬ 
code  label. 

“Their  read  rates  vary  from  about  80% 
to  90%  accurate  in  most  systems,” Ingalls 
says.“Unless  the  tag  can  be  clearly  seen 
by  the  scanner,  it  won’t  be  read.” 


Ingalls’  goal  for  the  RFID  system  was  a 
read  accuracy  rate  of  99.8%.  In  the  tests 
earlier  this  year  at  the  Air  Cargo 
Terminal,  using  all  those  thousands  of 
Salvation  Army  suitcases,  backpacks 
and  duffel  bags,  the  lowest  rate  was 
99.89%. “In  one  test  with  3,000  bags,  we 
had  one  misread,”  Ingalls  says. 

McCarran  on  average  handles  65,000 
outbound  bags  per  day  If  10%  of  those 
were  misread,  the  airport  would  have  to 
have  a  process  to  handle  some  6,500 
bags  manually,  at  least  for  part  of  the 
process.  Every  time  a  bag  has  to  be 
touched  between  a  ticket  counter  and  a 
jet’s  cargo  bay,  it  costs  time  and  money. 

Lost  or  late  bags  cost  even  more. 
According  to  data  from  S1TA,  a  Geneva 
IT  services  company  owned  by  airlines 
and  other  air  transport  industry  compa¬ 
nies,  mishandled  baggage  cost  airlines 
$1  billion  per  year.  The  company  esti¬ 
mates  it  costs  an  airline  an  average  of 
nearly  $90  when  a  bag  doesn’t  show  up 
on  time.  In  2004,  the  number  of  mishan¬ 
dled  bags  in  the  U.S.  jumped  20%  over 
the  2003  figure,  SITA  says. 

That’s  a  big  incentive  for  McCarran 


and  its  airlines  to  bring  the  RFID  system 
online,  on  schedule.  The  plan  is  to  have 
conveyors  in  place,  with  RFID  readers, 
RFID  printers  at  the  ticket  counters  in 
the  main  terminal  and  two  new  securi¬ 
ty  scanning  sites, all  operational  by  mid¬ 
year,  with  the  remaining  sites  in  the 
months  following.The  first  RFID  printers 
are  due  to  arrive  in  the  next  week  or  so. 

The  entire  project  —  which  includes 
conveyor  installation,  construction  of 


what  amounts  to  six  multi-story  build¬ 
ings,  IT  spending,  the  RFID  components 
and  tags  —  will  cost  $125  million. That 
includes  a  5-year  $20  million  contract 
for  100  million  RFID  tags. 

FKI  Logistex,  a  St.  Louis  company  that 
specializes  in  automated  materials  han¬ 
dling,  is  building  the  new  baggage  sys¬ 
tem.  The  RFID  components  are  from 
Symbol  Technologies,  which  last  fall 
acquired  Matrics,  the  RFID  company 
originally  working  on  the  project. 

Most  passengers  will  never  notice  this 
system,  though  they  might  notice  that 
they  no  longer  have  to  schlep  their  bags 
over  to  the  X-ray  machines  after  check¬ 
ing  in.  This  should  give  passengers 
whose  computers  are  outfitted  with  a 
WLAN  card  more  time  to  use  McCarran’s 
free  wireless  Internet  access  system. 

Wireless  'Net  access 

The  $75,000  WLAN  system  went  live  in 
January  with  20  Aruba  Wireless 
Networks  access  points  —  now  up  to 
30.  The  airport  plans  to  add  another  30 
over  time  to  support  more  users,  enable 
load  balancing  among  access  points 


and  dedicate  some  as  radio  monitors, 
says  Gerard  Hughes,  airport  network 
manager. 

The  access  points  were  installed  easi- 
ly.The  IS  group  mounted  them  on  pillars 
supporting  the  ubiquitous  video 
screens  known  as  FIDS,  for  Flight 
Information  Display  System,  which 
show  flight  arrival  and  departure  infor¬ 
mation  throughout  the  terminals.These 
pillars  already  were  wired  for  electricity 
and  a  link  to  the  airport’s 
fiber  backbone.  The  access 
points  connect  back  to  one 
of  Aruba’s  high-end  Model 
5000  switches  in  the  main 
terminal’s  data  center. 

“We  liked  the  idea  of  the 
access  point  as  a  dumb 
radio,  with  the  intelligence 
on  the  switch,”  Hughes  says. 

It’s  a  stand-alone  WLAN, 
running  separately  from  the 
airport’s  backbone.  Internet 
access  is  via  a  3M  bit/sec 
DSL  pipe. 

Roughly  200  to  300  peo¬ 
ple  use  the  system  daily. 
During  the  recent  heavily 
attended  Consumer  Elec¬ 
tronics  Show,  the  number 
jumped  to  900  to  1,200.  A 
few  times  there  were  about 
500  concurrent  users,  with 
no  impact  on  performance. 

The  one  unknown  was  customer  sup¬ 
port:  how  to  handle  the  inevitable  calls 
about  connection  problems  or  other 
glitches.  The  IS  group  chose  simple 
Service  Set  Identifier,  and  put  together 
an  easy-to-read-and-use  brochure  that’s 
distributed  throughout  the  airport.  It 
seems  to  be  working:The  help  desk  gets 
four  or  five  calls  a  day  about  the  WLAN. 
“So  we  think  it’s  been  pretty  easy  for 
people  to  get  online,”  Hughes  says. 

Recently,  one  airport  tenant,  which 
offers  wheelchair  services  for  passen¬ 
gers,  began  running  its  VPN  over  the 
WLAN  so  staff  with  wireless  handhelds 
can  schedule  services  while  on  the 
move. 

Over  time,  Hughes  expects  other  ten¬ 
ants  and  the  airport  itself  to  add  appli¬ 
cations  to  the  network,  using  Aruba’s 
virtual  LAN  tagging  support  to  keep 
them  separate.  ■ 


Wireless 

Subscribe  to  our  free  newsletter. 
^^^^^^Hww.nwft>sion.com 


RFID  at  the  airport 

McCarran  International  Airport  is  readying  wireless-enabled  tags 
to  track  and  route  passenger  baggage. 


HOW  IT  WORKS 


O  An  RFID  tag  is  attached  to  a  passenger  ©  Servers  handle  bag  routing,  ©  Gate-like  RFID  readers  ©  A  secure  database  links  ID 

bag  and  the  ID  number  is  sent  to  an  and  monitor  conveyors  and  straddle  conveyors. 

Oracle  database.  RFID  components. 


A  workhorse.  A  guardian  angel. 
Technology  so  advanced,  even  you'll  be  pleased. 


Array  TMX  Series 

Application  Front  End 


•  Nexi-Generation  Load  Balancing 
and  Traffic  Management 

•  Secure,  Accelerated 
Application  Delivery 

•  Enterprise-class  Availability 
ond  Scalability 


Array  SPX  Series 

Enterprise  SSL  VPN 


•  Enterprise  Class  Remote  Access 

•  Supports  and  Accelerates 
Ail  Applications 

•  Scalable  to  Meet  Your  Needs 

•  Best  ROi  on  the  Market  Today 


At  last,  technology  with  the  muscle  to  handle  the  size  of  your 
objectives.  Say  hello  to  Array  Networks.  Proven  in  some  of  the 
largest  organizations  in  the  world,  our  appliances  can  secure  and 
deliver  applications  to  users  anywhere,  while  at  the  same  time 
accelerating  and  optimizing  your  entire  network.  And,  our  products, 
solutions  and  technology  come  with  a  record  of  reliability  that 
even  the  toughest  critic  can  appreciate. 

ArrayNetworks” 

•  The  Application  Networking  Company 


For  more  information  log  onto  www.arraynetworlcs.net 
or  call:  1 -866-MY-ARRAY. 
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Internap  offer 
supports  links  to 
multiple  ISPs 

■  BY  TIM  GREENE 

Internap  is  introducing  a  consulting  service  to  tune  up  business 
Internet  connections  at  sites  that  have  links  to  more  than  one  ISP  as  a 
way  to  boost  performance  of  their  Web  applications. 

Called  Professional  Services,  the  offering  combines  customer  network 
evaluation  with  advice  on  how  to  make  sure  traffic  in  and  out  of  Web 
servers  travels  through  the  ISP  that  offers  the  best  service  at  that  time. 

The  service  provider,  which  sells  high-reliability  high-performance 
Internet  connections  among  other  programs,  developed  Professional 
Services  based  on  its  experience  selling  route-optimization  gear  to  its 
customers.  These  customers  had  decided  they  wanted  to  buy  the 
equipment  but  lacked  expertise  in  Border  Gateway  Protocol  (BGP),the 
technology  on  which  the  route-optimization  gear  is  based. 

Internap’s  Flow  Control  Platform  sits  on  corporate  networks  as  a  peer 
with  WAN  routers  that  are  connected  to  more  than  one  ISP  a  setup 
called  multihoming. The  boxes  monitor  flows  in  and  out  of  the  sites  to 
determine  delay  and  whether  one  of  the  ISPs  can  supply  a  faster  or  less 
expensive  service.  Based  on  customer-set  policies,  the  devices  can  issue 
route  table  changes  that  divert  traffic  to  the  appropriate  ISP 

Internap  has  obtained  most  of  the  route-control  expertise  through  pur¬ 
chases  last  year  of  Sockeye  Networks  and  NetVmg,  two  start-ups  that 
specialized  in  this  type  of  gear  and  Internet  traffic  analysis. 

Properly  setting  the  machines  requires  knowledge  of  BGPtalent  that  is 
in  short  supply  says  Douglas  Chadwick,  CEO  of  hosting  provider  Dynam¬ 
ic  Concepts  in  Aliso  Viejo, Calif., which  uses  the  service.Even  if  he  could 
find  qualified  people  to  handle  the  gear,  they  would  cost  too  much. 

“If  I  had  these  people  on  staff,  it  might  be  four  or  five  months  before 
I  had  a  customer  who  needed  that  expertise,”  he  says.  “I  find  it’s  more 
cost  effective  to  have  a  virtual  team  of  experts”  through  Internap. 

The  services  are  broken  down  into  five  categories:  Multihoming  Jump 
Start,  Multihoming  Optimizer,  VoIP-readiness  Assessment,  VoIP  Optimi¬ 
zation  and  Global  Application  Optimization. The  services  cost  $5,000, 
but  the  price  is  customized  depending  on  individual  customer  cir¬ 
cumstances.  Hardware  is  extra.  ■ 


EBBERS  ON  TRIAL!  Defense  begins  its 


case 


As  the  defense  last  week 
began  to  build  its  case  in  the 
trial  of  former  WorldCom  boss 
Bernie  Ebbers,  a  former 
company  board  member 
testified  that  chief  prosecution 
witness  Scott  Sullivan  told  him 
that  Ebbers  did  not  know  of 
certain  fraudulent  journal 
entries.  Bert  Roberts  said  he 
spoke  with  Sullivan  on  June  20, 

2002,  as  part  of  the  board's 
inquiry  into  questionable 
accounting  changes  that 
Sullivan  approved.  “I  asked 
Scott  whether  Bernie  knew,  and 
his  answer  to  me  was  that 
Bernie  did  not  know  of  the 
journal  entries,”  Roberts  said. 

"I  did  not  pursue  the  issue  further."  Upon  cross-examination,  Sullivan 
denied  any  recollection  of  that  conversation.  Another  witness, 
internal  auditor  Cynthia  Cooper,  also  bolstered  Ebbers’  contention 
that  he  was  unaware  of  the  financial  improprieties  that  Sullivan 
already  has  pled  guilty  to  having  committed.The  defense  was  to 
resume  its  case  today. 


Ebbers  arrives  at  Federal  Court  in  New  York, 
Tuesday,  Feb.  22.  (AP  photo/Mary  Altaffer) 


Neterion  launches  another 
10  Gigabit  Ethernet  NIC 


■  BY  PHIL  HOCHMUTH 

Keeping  ahead  of  competitors 
—  and  possibly  user  demand  — 
Neterion  last  week  announced  a 
version  of  its  10G  Ethernet  server 
adapter  based  on  the  emerging 
PCI  Express  standard. 

The  XFrame  E  network  adapter 
will  let  users  with  big  bandwidth 
needs  move  data  between  serv¬ 
ers  at  speeds  of  up  to  10G  bit/sec 
over  a  fiber-based  10G  Ethernet 
LAN  connection,  the  vendor  says. 
The  product  is  targeted  at  such 
applications  as  network-attached 
storage  devices,  digital  video  edit¬ 
ing  machines  and  high-perfor¬ 
mance  computing  clusters. 

Neterion,  formerly  known  as 
S2IO,  released  its  XFrame  II  10G 
network  interface  card  (NIC)  in 
January  based  on  the  PIC-X  2.0 
server/PC  bus  standard.  That  NIC 
was  the  first  product  from  S2IO 
that  delivers  a  full  10G  bit/sec  of 
throughput,  as  past  10G  NICs  from 
the  vendor  topped  out  at  about 
6G  to  8G  bit/sec  because  of  limi¬ 
tations  on  how  the  card  inter¬ 
faced  with  PCI-X  bus  slots,  Neter¬ 
ion  says.  Like  the  XFrame  II,  Net- 
erion’s  new  XFrame  E  allows  for  a 
full  10G  bit/sec  Ethernet  interface. 

The  cards  will  support  Linux, 
Unix  and  Windows. 

The  PCI-X  2.0  standard  gives  a 
computer  an  I/O  rate  of  up  to 
4.26G  byte/sec  (or  34G  bit/sec). 
The  PCI  Express  standard  drives 
this  I/O  rate  up  to  a  maximum  of 
16G  byte/sec;  this  could  allow  for 
multi-port  interfaces  of  10G  Ether¬ 
net,  InfiniBand  or  other  high¬ 
speed  interconnect  technologies. 

Vendors  with  PCI  Express  10G 
Ethernet  adapters  include  Chel- 
sio  Communications  and  Intel. 
However,  these  vendors’  cards 
support  a  maximum  of  6G  to  8G 
bit/sec,  according  to  Neterion. 
Myrinet,  which  makes  high-speed 
interconnects  for  computer  clus¬ 
ters,  plans  to  have  a  PCI  Express- 
based  10G  Ethernet  NIC  available 
in  the  second  quarter. 

While  these  types  of  server 
speeds  are  technically  feasible 
and  commercially  available,  ana¬ 
lysts  say  there  should  be  minimal 
uptake  of  10G  NICs  and  PCI  Ex- 
press-based  servers  in  the  next 
few  years. 

Any  server  NIC  products  com¬ 
ing  out  now  are  strictly  for 
leading-edge  users,  says  James 
Opfer.a  research  vice  president  at 
Gartner.  These  might  include 


Neterion's  new  10G  NIG  supports 
PCI  Express  bus  technology. 


users  of  high-performance  com¬ 
puting  clusters  —  such  as 
research  laboratories  or  oil  and 
gas  exploration  firms. 

While  server  vendors  are  lean¬ 
ing  toward  PCI  Express-based  sys¬ 
tems,  Opfer  says  this  high-speed 
bus  architecture  is  also  a  ways  off. 
“You  just  don’t  put  in  a  new  bus 
architecture  that’s  10  times  faster 
overnight,”  he  says. 

For  early  adopters  of  10G  Ether¬ 
net  switches,  10G  links  to  servers 
may  be  the  next  logical  step.  But 
users  who  have  upgraded  to  10G 


switches  might  want  to  catch 
their  breath  with  the  new  LAN 
technology  first. 

“We’re  happy  with  10  Gigabit 
just  in  the  [LAN]  core  right  now( 
says  Dan  Moreale,  CIO  at  the 
North  Bronx  Healthcare  Net¬ 
work.  The  healthcare  group, 
which  comprises  three  hospitals 
and  several  clinics,  installed  10G 
Ethernet  switches  from  Extreme 
Networks  in  2003. 

Moreale  says  he  has  looked  into 
10G  NIC  technology  possibly  for 
large  network-attached  backup 
servers.  But“it’s  just  at  the  idea 
stage,”  he  says.  “I’m  not  ever  sure 
the  I/O  [on  our  servers]  could 
handle  it.” 

Neterion’s  XFrame  E  NICs  will  be 
available  through  the  company’s 
server  vendor  partners  later  this 
year.  Neterion  server  hardware 
resale  partners  include  IBM,  HP 
Silicon  Graphics  and  Sun.B 


Juniper  hiring  hints  at 
company's  buyout  plans 

■  BY  JIM  DUFFY 

Despite  public  statements  to  the  contrary  Juniper  appears  to  be  mov¬ 
ing  fast  on  the  acquisition  front,  particularly  in  wireless  LANs. 

Late  last  year,  the  company  quietly  appointed  a  vice  president  of  busi¬ 
ness  development  to,  among  other  things,  orchestrate  the  company’s  ac¬ 
quisition  of  a  WLAN  player.  Nicholas  Pianim  has  a  background  in  ven¬ 
ture  capital  and  once  led  a  now-defunct  Internet  data  center  company 

Pianim  did  not  respond  to  an  interview  request  left  on  his  voice  mail 
at  Juniper;  and  a  company  spokeswoman  said  he  probably  won’t. 

According  to  published  reports,  Juniper  CEO  Scott  Kriens  said  at  an 
analyst  meeting  less  than  two  weeks  ago  that  the  company  looks  to 
acquire  firms  and/or  technology  where  it  has  gaps,  but  that  Juniper  is 
in  no  hurry  Pianim’s  appointment  indicates  otherwise,  as  Juniper  and 
other  industry  players  look  to  counter  Cisco’s  recent  $450  million 
acquisition  of  WLAN  switch  maker  Airespace. 

Sources  say  Pianim  is  in  discussions  with  Juniper  WLAN  partner  Colu- 
bris  Networks,  and  WLAN  switch  makers  Aruba  Wireless  Networks  and 
Trapeze  Networks.The  possible  targets  were  tightlipped  about  any  such 
talks. 

“There  really  isn’t  anything  we  can  say  regarding  Juniper  or  any  other 
potential  partnership,”  a  Trapeze  spokeswoman  said. 

Pianim  also  is  overseeing  an  internal  bakeoff  between  Aruba  and 
Colubris  gear  at  Juniper,  sources  say  The  “winner”  of  that  evaluation 
could  end  up  being  bought  by  the  company  they  say 

Some  observers  believe  the  frontrunner  is  Colubris,  which  has  a  2- 
yearold  joint  development  and  marketing  arrangement  with  Juniper 
for  public  WLAN  hot  spot  and  secure  enterprise  WLAN  applications. 
The  two  have  multiple  joint  customer  accounts. 

Sources  also  say  Aruba  will  seek  well  north  of  what  Cisco  paid  for 
Airespace,  which  might  make  it  too  expensive  for  Juniper. Then  again, 
the  $1.3  billion  network  equipment  maker  paid  $4  billion  in  stock  last 
year  for  NetScreen  Technologies. 

Analysts  expect  Juniper  to  acquire  companies  this  year  to  broaden  its 
penetration  into  the  enterprise  network  market.  Other  areas  under  con¬ 
sideration  are  VoiPstorage,and  Layer  3  and  4-7  switching,  analysts  sayB 


MEANS  MORE  POWER 
MORE  AFFORDABLY. 


ProCurve  Networking  by  HP  offers  a  range  of  affordable 
gigabit-enabled  switches  that  is  second  to  none.  That 
means  you  can  get  better  performance  from  your  network 
along  with  better  performance  from  your  networking 
dollars.  Downloads  that  used  to  take  minutes  can  now  be 
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ProCurve  gigabit-enabled  switches  are  backed  by 
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Aerospace  firms  take  to  offshoring 

Specialized  treatments 

Offshore  IT  service  providers  are  heightening  their  focus  on 
vertical  markets  such  as  aerospace  and  telecom. 
Developments  in  February: 

•  Boeing  signs  a  multiyear,  multimillion  dollar  contract  with  Indian 
IT  services  firm  HCL  for  software  and  hardware  development 
for  Boeing's  787  Dreamliner  program. 

•  Offshore  IT  services  providerTata  Consultancy  Services  expands 
into  the  aerospace  vertical  market  by  partnering  with  National 
Aerospace  Laboratories  in  India,  announcing  the  launch  of  its 
Flosolver  Mk6  computing  machine,  which  can  handle  a  range  of 
aerospace  applications. 

•  Indian  IT  services  firm  Wipro Technologies  announces  a 
partnership  withTestQuest  to  provide  test  automation  services 
for  the  mobile  and  wireless  industry  and  says  it  is  developing  a 
multimedia  messaging  service  automated  test  product  for  “one 
of  the  world's  largest  operators.” 


Software 
safeguards 
mobile  net 
devices 

■  BY  JOHN  COX 

Updated  software  from  Credant 
Technologies  promises  to  simp¬ 
lify  data  encryption  on  mobile 
devices  and  fill  in  cryptographic 
gaps  left  by  rival  products. 

With  Mobile  Guardian  Enter¬ 
prise  Edition  4,  network  adminis¬ 
trators  can  set  up  encryption 
policies  for  mobile  workers  with¬ 
out  those  users  having  to  do  any¬ 
thing.  The  Mobile  Guardian 
Shield  client  runs  on  Windows- 
based  laptops,  PDAs  and  smart¬ 
phones,  and  enforces  policy 
selections  whether  a  user  is  on¬ 
line  or  offline. 

“There  are  tons  of  competi¬ 
tors,  most  of  them  offering 
file/folder  or  complete  hard 
disk  encryption  products,”  says 
Deb  Mielke,  managing  director 
at  Treillage  Network  Strategies. 
“But  with  Credant,  you  can  cen¬ 
tralize  the  control  and  adminis¬ 
tration  of  all  this.” 

Until  the  new  release,  Mobile 
Guardian  was  a  folder-based 
encryption  program. 

Rivals  include  PC  Guardian 
Technologies,  Utimaco  Safeware, 
Pointsec  Mobile  Technologies 
and  Microsoft,  whose  Encrypting 
File  Systems  are  part  of  Windows 
2000  and  XP  Some  vendors,  such 
as  Senforce  (for  more  informa¬ 
tion  on  the  company,  go  to  www. 
nwfusion.com,  DocFinder: 
6092),  incorporate  client  encryp¬ 
tion  as  part  of  a  larger  package 
of  mobile  protections. 

Mobile  Guardian  doesn’t  en¬ 
crypt  the  Windows  operating  sys¬ 
tem,  program  files  and  similar 
data.  Credant  executives  say  that 
in  some  cases  a  flaw,  such  as  a 
bad  sector  on  a  disk,  can  cause  a 
fully  encrypted  disk  to  no  longer 
boot  Windows,  which  renders  the 
client  unusable. 

The  new  version  of  Mobile 
Guardian  lets  administrators 
selectively  encrypt  data,  files 
and  folders  that  are  often  over¬ 
looked  by  encryption  vendors 
or  users. 

One  of  the  better-known  exam¬ 
ples  is  page  files  (formerly  called 
swap  files)  created  by  Windows 
to  temporarily  store  data  and 
applications  to  free  memory  for 
other  programs. 

Release  4  costs  $72  per  user  for 
a  1,000-user  license.* 


■  BY  JENNIFER  MEARS 

With  the  airline  industry  con¬ 
tinuing  to  struggle,  aircraft  manu¬ 
facturers  such  as  Boeing  and  Air¬ 
bus  are  expecting  to  cut  costs  by 
sending  some  of  their  software 
development  and  engineering 
work  offshore. 

Increasingly,  offshore  providers 
realize  that  they  must  cater  to 
vertical  market  segments  and 
establish  more  technical  exper¬ 
tise  in  areas  such  as  aerospace, 
telecom,  and  oil  and  gas.  Recent 
moves  by  Indian  IT  providers 
such  as  Tata  Consultancy  Serv¬ 
ices  and  Wipro  Technologies 
underscore  the  trend. 

Tata,  which  offers  specialized 
services  for  11  vertical  indus¬ 
tries,  including  banking,  energy 
and  utilities,  and  insurance  mar¬ 
kets,  is  adding  one  more  vertical 
market  to  its  roster.  Earlier  this 
month,  Tata  announced  a  part¬ 
nership  with  India’s  state-run 
National  Aerospace  Labora¬ 
tories  to  develop  the  expertise 
needed  to  serve  the  aerospace 
industry. 

The  two  organizations  say  they 
jointly  will  offer  services  for 
aerospace  firms,  which  include 
design,  testing  and  advanced 
computer-aided  technologies. 


■  BY  ANN  BEDNARZ 

Peregrine  Systems  this  week  is 
set  to  announce  a  new  version  of 
its  IT  asset  management  suite 
designed  to  help  corporations  bet¬ 
ter  gauge  their  software  licensing 
requirements  and  stay  in  compli¬ 
ance  with  license  agreements. 

AssetCenter  4.4  has  new  tools 
for  software  metering.  While  cur¬ 
rent  modules  let  users  keep  tabs 
on  the  number  of  software  li¬ 
censes  in  use,  Peregrine’s  new 
software  asset  management  mod¬ 
ule  adds  the  ability  to  track  in 
greater  detail  who  is  using  which 
applications  and  for  how  long, 
says  Craig  Macdonald,  vice  presi¬ 
dent  of  product  marketing  and 
management  at  Pferegrine.  “What 
we’re  getting  now  is  more  specific 
information  about  actual  usage 
patterns.” 

By  tracking  software  usage, 
companies  can  find  unused 
licenses  and  potentially  renegoti¬ 
ate  software  contracts  to  lower 


Tata  also  last  week  announced 
the  launch  of  its  Flosolver  Mk6,a 
parallel-computing  Xeon-based 
machine  that  runs  Linux  and  is 
designed  specifically  to  support 
aerospace  applications. 

Tata  executives  say  they  see 
growing  demand  for  services 
and  technologies  in  the  global 
aerospace  community 

Evidence  of  that  came  earlier 
this  month  when  Indian  IT  ser¬ 
vices  firm  HCL  Technologies 
announced  a  multiyear,  multi- 
million-dollar  contract  to  pro¬ 
vide  software  and  hardware 
development  services  to  Boe¬ 
ing  for  its  new  787  Dreamliner 
project. 

Aerospace  has  been  a  key  ver¬ 
tical  market  for  HCL  since  the 
late  1990s,  but  the  deal  with 
Boeing  illustrates  the  move  into 
more  critical  IT  projects.  Under 
the  agreement,  HCL  will  provide 
a  hosting  platform  for  Boeing’s 
flight  test  computing  system,  and 
software  development  services 
to  Boeing  and  its  Tier  1  partners. 

“If  you  examine  ...  the  tumult 
of  airlines  at  the  present  time,  it’s 
no  wonder  that  members  of  the 
supply  chain  are  adversely 
affected,”  says  Dane  Anderson, 
program  director  of  technology 
research  services  at  Meta  Group. 


spending.  Additionally,  with  Asset- 
Center  4.4,  companies  can 
streamline  the  software  auditing 
process,  Macdonald  says. 

Vendors  increasingly  audit  cus¬ 
tomers  to  make  sure  their  usage 
complies  with  contracts.  But 
manually  getting  through  an 


He  says  by  looking  offshore  — 
and  pinpointing  what  areas  of  IT 
can  best  be  offloaded  —  aero¬ 
space  firms  can  increase  cost 
efficiencies. 

“As  airlines  continue  to  strug¬ 
gle  with  managing  cost  on  a  day- 
to-day  basis,  elements  support¬ 
ing  the  airlines  need  to  do  so  as 
well,”  he  says. 

Results  of  a  Merrill  Lynch  sur¬ 
vey  of  50  CIOs  in  December 
found  that  a  key  driver  for  mov¬ 
ing  jobs  offshore  is  the  expected 
cost  savings. 


audit  can  cost  a  company  $35 
per  device,  he  says.  With  Asset- 
Center,  IT  can  track  licenses 
down  to  the  version  number  and 
reconcile  contractual  metrics 
against  actual  installations. 

Many  companies  are  paying 
more  attention  to  IT  asset  man¬ 


According  to  the  survey,  more 
than  half  of  the  CIOs  polled  said 
they  expected  to  see  between 
25%  and  49%  cost  savings  as  a 
result. 

To  respond  to  the  demand  for 
more  advanced  services,  IT  firms 
have  to  step  up  their  vertical 
market  expertise.  Wipro  earlier 
this  month  announced  a  part¬ 
nership  with  TestQuest  to  pro¬ 
vide  test  automation  services  for 
Wipro’s  growing  customer  base 
in  the  wireless  and  mobile 
industry.  ■ 


agement  in  the  face  of  continuing 
budget  squeezes  and  increased 
regulatory  requirements,  accord¬ 
ing  to  Gartner.  Managing  software 
resources  is  not  an  area  that  cor¬ 
porations  have  mastered.  Fewer 
than  10%  of  Gartner’s  customers 
have  optimized  software  asset- 
management  programs  under¬ 
way  the  firm  says. 

Other  vendors  competing  in  the 
asset  management  market  in¬ 
clude  Altiris,  BMC  Software, 
Computer  Associates,  HP  and 
LANDesk  Software. 

AssetCenter  4.4  is  set  to  ship  in 
March.  The  full  suite  includes 
tracking  tools  that  provide  a  con¬ 
solidated  view  into  a  company’s 
hardware,  software  and  network 
assets;  expense  control  tools  that 
help  track  costs  associated  with 
any  IT  asset  from  its  acquisition  to 
disposal;  and  process  automation 
capabilities  for  streamlining  asset- 
related  business  processes  such 
as  procurement,  invoice  and  pay¬ 
ment  reconciliation.* 


Peregrine  upgrades  asset  mgmt  suite 

Wasted  software  assets  add  up 

Unused  applications  cost  companies  billions  of  dollars 
each  year  in  unnecessary  IT  spending,  according  to 
research  from  BPM  Forum. 

•  Only  25%  of  226  survey  respondents  conduct  a  company-wide 
software  audit  annually. 

•  13.4%  never  conduct  software  audits  at  all. 

•  61%  have  no  formal  system  for  qualifying,  certifying  and  validating 
current  and  new  software  applications. 

•  73%  of  respondents  have  no  systematic  processes  for  retiring 
applications. 

•  70%  are  convinced  they’re  maintaining  redundant,  deficient  or 
obsolete  applications. 
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Satellite 

continued  from  page  7 

that  broadband  satellite  would 
produce  [demand  for]  millions 
and  millions  of  [business]  sites  in 
a  short  period  of  time,  and  it  just 
hasn’t  done  that,”  says  Chris 
Baugh,  an  analyst  for  Northern 
Sky  Research.  “Satellites  are  at  a 
big  disadvantage.” 

The  result  is  that  growth  of  satel¬ 
lite  use  remains  constant  — 
about  4%  to  5%  per  year  —  rather 
than  making  a  dramatic  jump  to 
7%  to  10%  as  industry  observers 
expected  last  year.  Worldwide, 
there  are  fewer  than  1  million 
corporate  VSAT  sites  (see  graph¬ 
ic,  right),  according  to  Northern 
Sky.  Worldwide  VSAT  revenue 
from  businesses  last  year  totaled 
$1.76  billion. 


Still,  there  are  encouraging 
signs.  A  Ka-band  satellite  launch¬ 
ed  last  year,  Anik  F2,  is  scheduled 
to  support  new  small-business 
data  services  later  this  year  via 
BlueSky  a  start-up  funded  with 
$150  million.  Another  Ka-band 
satellite,  iPStar,  is  scheduled  to  be 
launched  this  spring  and  will  sup¬ 
port  broadband  services  in  Asia. 

Airline  communications  equip¬ 
ment  vendor  Row  44  says  later 
this  year  it  will  test  use  of  Ka- 
band  satellites  with  its  gear  to 
provide  in-flight  high-speed  In¬ 
ternet  access. 

Two  more  Ka-band  satellites  — 
Spaceway- 1  and  Spaceway-2  —  to 
be  launched  this  year  by  Hughes 
originally  were  intended  for  cor¬ 
porate  data  networks.  But  last 
year,  DirecTV  which  owns  Hughes, 
announced  it  instead  would  use 


Satellite  calling 


Satellite  services  are  not  for  everyone.  Here  are  a  few 
issues  to  consider: 


No  wired  connections  needed.  |  Expensive  installation. 

Service  is  relatively  inexpensive 
once  installation  fees  are  paid. 

Built-in  delay  may  be  hard  on  some 
applications. 

Can  be  bundled  with  satelliteTV 
and  in  some  cases  phone  service. 

Asymmetric  nature  of  the  service 
may  be  unsuitable  for  some 
businesses. 

them  exclusively  for  high-defini- 
tion,  direct-to-the-home  television 
broadcasts. 

Also  threatening  to  satellite  use 
is  WiMAX,  high-bandwidth  micro- 
wave  access  transmitted  by  Earth- 
bound  antennas.  At  its  best, 
WiMAX  can  send  signals  30  miles 
with  a  maximum  bandwidth  of 


Firetide  unveils  WLAN  mesh  net 

HotPort  mesh  nodes  improve  throughput  by  two-thirds,  company  says. 


■  BY  JOHN  COX 

Firetide  is  releasing  new  wireless  mesh  hardware 
and  software  that  lets  users  create  a  widespread 
wireless  mesh  Ethernet  network  that  can  handle 
data,  voice  and  video. 

Using  the  new  HotPort  3000  indoor  and  outdoor 
mesh  nodes,  users  can  boost  throughput  by  two- 
thirds  and  nearly  triple  the  number  of  nodes  in  the 
network  over  the  company’s  previous  offerings, 
Firetide  says.  Specifically,  the  new  CPU  and  the  soft¬ 
ware  changes  increase  maximum  throughput  from 
15M  to  18M  bit/sec  for  the  current  1500  line,  and  to 
25M  bit/sec  for  the  3000,  though  that  depends  on 
the  application,  distance  from  the  node  and  other 
variables. 

At  the  same  time,  users  can  create  a  mesh  network 
with  up  to  50  nodes,  which  includes  a  mix  of  out¬ 
door  and  indoor  boxes.The  largest  network  with  the 
1500  model  had  18  nodes,  according  to  Firetide 
executives.  The  larger  network  can  cover  a  much 
wider  area  (although  the  exact  coverage  hinges  on 
the  radio  frequency  chosen,  obstacles  and  other 
variables), support  more  users  or  both. 

The  Firetide  nodes  are  essentially  Ethernet  switch¬ 
es  that  route  traffic  among  themselves  via  radio  sig¬ 
nals.  This  eliminates  the  need  to  run  Category  5 
cable.  Any  of  the  devices  normally  found  on  a  wired 
LAN  such  as  video  surveillance 
cameras,  printers,  laptops,  wireless 
LAN  access  points  and  even 
servers,  simply  plug  into  the 
Firetide  box  via  standard  Ethernet 
ports.  Traffic  typically  hops  wire¬ 
lessly  through  two  or  three  nodes 
to  one  or  more  Firetide  boxes  that 
act  as  gateways  to  the  wired 
Ethernet  or  Internet. 

The  HotFbrt  3103  indoor  mesh 
node  and  the  HotFbrt  3203  out¬ 
door  node  incorporate  a  new  CPU, 
an  Intel  XScale  processor  running 
at  530  MHz.The  3000  products  also 
use  Linux,  rather  than  the  FreeBSD 
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Unix  variant  on  the  1500  line. 

The  3103  has  four  10/100M  bit/sec  Ethernet  ports, 
and  meets  building-code  requirements  for  deploy¬ 
ment  above  drop  ceilings. 

The  HotPort  3203  has  an  aluminum  weatherproof 
enclosure, sun  shield,  two  10/100  Ethernet  ports  and 
two  6dBi  omni-directional  antennas.  It  can  be  fitted 
with  a  more  sensitive  8dBi  antenna.  It  supports  IEEE 
802.3af  Fbwer  over  Ethernet,  meaning  that  it  can 
send  power  to  the  Ethernet-attached  devices  or 
draw  electrical  power  from  them  for  its  own  use. 
Fbwer  options  include  a  solar  charger,  and  integrat¬ 
ed  battery  for  back-up  power. 

No  change  has  been  made  in  the  dual-band  radio 
chipset,  from  Atheros.Via  software  the  3000  nodes 
can  be  set  to  operate  as  either  2.4  GHz  802.1  lg  (and 
802.11b)  or  5  GHz  802.11a  radios. 

Firetide  made  several  changes  in  the  systems  soft¬ 
ware  for  the  new  products. 

The  mesh  software  now  can  search  for  the  nearest 
gateway  node,  finding  the  fastest  route  out  of  the 
mesh  to  the  wired  network. Also  new  is  QoS,  by  using 
the  Ethernet  class-of-service  framework  to  assign  dif¬ 
ferent  priorities  to  different  types  of  traffic. 

A  third  addition  is  support  for  virtual  LANs,  which 
lets  net  administrators  segregate  traffic  so  users  on  a 
given  VLAN  see  only  the  traffic  on  that  VLAN. 
Administrators  can  create  VLANs  on  the  mesh,  or 
extend  VLAN  assignments  on  the 
wired  network  over  the  mesh. 

Rivals  in  the  mesh  WLAN  arena 
include  BelAir,  MeshDynamics, 
Nortel,  Strix  Systems  and  Tropos 
Networks. 

The  3000  nodes  support  128-bit 
Wired  Equivalent  Privacy  encryp¬ 
tion  and  the  more  powerful  Ad¬ 
vanced  Encryption  Standard. 

Both  products  ship  at  the  end  of 
March.  The  indoor  3103  costs 
$895,  the  same  as  the  current 
model  1500  product  introduced 
last  November.  The  outdoor  3203 
is  $2,000.  ■ 


75M  bit/sec.  Aperto  and  a  few 
other  vendors  sell  prestandard 
WiMAX  gear,  but  services  still  are 
limited  and  likely  will  stay  so  until 
a  standard  is  set,  Baugh  says. 

While  the  DirecTV  move  and 
the  advent  of  WiMAX  might  rep¬ 
resent  blows  to  satellite  use  in 
corporate  networks,  it  always 
has  been  tough  to  build  a 
sound  business  case  around 
VSAT,  he  says. 

Businesses  can  buy  DSL  access 
for  $40  to  $200  per  month,  with 
one-time  setup  costs  of  a  few  hun¬ 
dred  dollars.  Satellite  alternatives 
from  Spacenet,  the  second-largest 
satellite  provider,  can  provide  ser¬ 
vices  in  that  per-month  range,  but 
installation  of  VSAT  dishes  cost 
much  more  —  $1,500  to  $2,500 
per  site  unless  customers  install 
gear  themselves  or  lease  it,  a 
Spacenet  spokesman  says. 

For  some  businesses,  satellite 
remains  a  good  choice  for  one 
or  two  remote  sites  that  can’t  be 
reached  by  alternative  access 
methods  such  as  DSL,  Spacenet 
says.  In  recognition  of  this, 
Spacenet  also  offers  DSL  access 
via  a  partnership  with  New 
Edge  Networks. 

In  for  a  Dollar 

Other  businesses  find  that  all¬ 
satellite  is  the  way  to  go.  Dollar 
General,  a  discount  chain  with 
7,300  stores,  opted  four  years  ago 
to  connect  them  all  to  corporate 
headquarters  in  Nashville  via 
Spacenet’s  VSAT  service.  Pre- 
viouslystores  dialed  up  at  the  end 
of  the  day  to  upload  sales  and 
inventory  data  and  download 
updates,  says  Bruce  Ash,  the 
chain’s  CIO. 

Satellite  was  definitely  less  ex¬ 
pensive  than  frame  relayAsh  says, 
although  he  wouldn’t  reveal  num¬ 
bers.  While  less-expensive  DSL 
might  have  been  available  to 
some  stores,  most  are  located  in 
rural  areas  where  DSL  is  unavail¬ 
able.  For  those  sites,  satellite  was 
the  only  possible  dedicated  ac¬ 
cess  choice,  he  says. 

Dollar  General  rejected  using 
DSL  at  some  sites  and  VSAT  at  the 
rest  for  the  sake  of  simplicity.  “We 


didn’t  want  to  manage  a  network 
with  multiple  access  methods,” 
Ash  says.  Satellite  signals  are 
affected  by  weather  —  a  snow¬ 
storm  can  break  a  connection  — 
but  so  far  interruptions  have  been 
minor  for  the  company 

The  network  enables  more 
applications,  such  as  checks  of 
credit  and  debit  cards  and  food 
stamps,  faster  than  dial-up  did, 
he  says.  And  he  tested  a 
Spacenet  VoIP  service  that  he 
might  implement. 

Because  much  of  the  voice  traf¬ 
fic  generated  by  stores  is  sent 
back  to  headquarters,  using  the 
VSAT  connection  for  phone  calls 
could  save  money  he  says. 

The  path  most  traveled 

Satellite  signals  must  travel  up 
to  the  satellites’  22,0000-mile- 
high  orbits  and  bounce  back 
down  to  Earth,  so  they  suffer  a 
minimum  of  a  quarter-second 
delay  which  is  noticeable  in  a 
voice  call. But  it  sounds  no  worse 
than  delay  on  some  cell-phone 
calls,  Ash  says,  which  is  good 
enough  for  talking  to  other  com¬ 
pany  employees  or  checking 
voice  mail.  “When  they  listen  to 
voice  mail  it  doesn’t  matter  if 
there’s  delay  or  not,”  he  says. 

Satellite  voice  quality  is  good 
enough  that  Net2Phone  offers  a 
VoIP-over-satellite  service  in 
Europe  for  small  businesses 
looking  for  inexpensive  interna¬ 
tional  calling.  It  is  available  to 
customers  that  already  buy 
Direcway  satellite  Internet 
access  from  Hughes.  Hughes  has 
not  decided  whether  to  offer  the 
VoIP  service  in  the  U.S. 

Bundling  of  other  services 
such  as  voice  and  TV  with  satel¬ 
lite  data  networking  could  help 
promote  the  technology  for  cor¬ 
porate  workers  in  home  offices, 
Baugh  says.  “If  you  are  a  satellite 
TV  subscriber,  you  might  use 
satellite  for  data.  But  if  not,  it’s 
probably  unlikely  you  would 
choose  a  satellite  circuit  unless 
you  can’t  get  a  DSL  or  cable  con¬ 
nection,”  he  says. 

Satellite  vendors  are  trying  to 
push  other  uses  of  their  services, 
such  as  a  disaster-recovery  appli¬ 
cation  to  be  offered  later  this 
year  by  Spacenet.  If  customers’ 
landlines  die,  the  satellite  will 
kick  in  and  customers  will  pay 
only  for  the  bandwidth  they  use. 

But  such  uses  are  not  likely  to 
spark  the  dramatic  growth  provi¬ 
ders  hoped  for  last  year, relegating 
satellite  use  to  connecting  hard 
to-reach  corporate  branches'  Tins 
unserved  user  that  has  no  other 
option  is  the  absolute  sweet  spot  " 
Baugh  says.  HI 
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Timetable  for  federal  employee  ID  mandate 


Aug.  27,  2004 

Presidential  directive  calls  for  common 
technology  to  ID  those  accessing  federally 
controlled  networks  and  buildings. 
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March,  2005 

NIST  expected  to  provide 
technical  detail  on  smart 
cards  and  biometrics. 


Oct.  27,  2005 

Agencies  must  have 
some  relevant 
procedures  in  place. 


. . 
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2004  I  2005 

Feb.  27, 2005 

NIST  deadline  for  smart-card 
standard  expected  to  use  X.509  digital 
certificate,  fingerprint  biometrics. 


f 


|  I  2006 

June  25, 2005 

Agencies  must  tell  how  they 
intend  to  comply  with  the 
standard. 


Oct.  26,  2006 

Full  compliance 
expected. 


FIPS 

continued  from  page  7 

called  Open  Security  Exchange, 
which  advocates  open  standards 
for  dual-use  access  methods,  says 
smart-card  manufacturers  are 
going  to  have  to  determine 
whether  they’ll  need  to  develop 
new  chipsets  for  FIPS  201. 

FIPS  201  not  aligned 

However,  NIST’s  FIPS  201  effort 
so  far  isn’t  aligned  with  the  new 
smart-card  standardization  efforts 
underway  at  ANSI,  the  American 
national  standards  body  that  is 
chaired  by  NIST,  or  at  the  interna¬ 
tional  level  at  ISO. 

Teresa  Schwarzhoff,  smart-card 
program  manager  at  the  Depart¬ 
ment  of  Commerce,  said  NIST 
would  try  to  work  toward  stan¬ 
dards  convergence,  although  it 
wasn’t  exactly  clear  how  that 
would  occur. 

“Typically  you  take  two  years  to 


do  a  FIPS,”  she  noted  during  her 
presentation  at  the  RSA  Con¬ 
ference.  “We  had  six  months.” 

Schwarzhoff  said  an  inter¬ 
agency  group  called  the  Federal 
Identity  Credentialing  Committee 
is  preparing  to  release  what  it 
calls  the  Identity  Management 
Handbook ,  concurrent  with  FIPS 
201,  to  help  orient  agencies. 

Judith  Spencer,  chair  of  the  fed¬ 


eral  PKI  Steering  Committee  at 
the  General  Services  Administra¬ 
tion,  says  the  government  might 
pursue  a  shared-acquisition  strat¬ 
egy  so  that  small  agencies  can 
join  with  larger  agencies  on  FIPS 
201-based  purchases. 

Cost  for  the  mandated  smart- 
card  credentials  is  a  concern  for 
many  agencies.  In  comments  to 
NIST  last  December,  the  Tennes¬ 


see  Valley  Authority  stated:  “Be¬ 
cause  [our]  fiscal  year  ’05  budget 
has  already  been  approved.it  will 
be  very  difficult  to  change”  it  to 
pay  for  FIPS  201  activities.  It  asked 
NIST  to  go  slow  on  what  it  ex¬ 
pects  agencies  to  accomplish  by 
October;  which  is  the  deadline 
the  president  set  for  at  least  some 
procedures  related  to  dual-use 
smart  cards  to  be  in  place.  ■ 


Gordano  adds  Windows-based  INI  client 

Messaging  vendor  aims  to  capture  users  of  aging  Exchange  5.5  systems. 


■  BY  JOHN  FONTANA 

Messaging  vendor  Gordano  this 
week  is  scheduled  to  add  a 
Windows-based  instant-messag¬ 
ing  client  to  its  suite  of  collabora¬ 
tion  software  that  lets  customers 
keep  their  Outlook  front  ends 
while  replacing  their  Exchange 
infrastructure. 

The  IM  client  works  with  the 
Instant  Messenger  module  of  the 
company’s  Gordano  Messaging 
Server  (GMS).The  client  adds  a 
pair  of  drop-down  menus  to  Out¬ 
look  that  give  users  the  ability  to 
send  instant  messages  from  a  sep¬ 
arate  message  box  that  pops  up 
on  screen.  The  client  also  sup¬ 
ports  the  sending  of  pager  mes¬ 
sages,  and  the  sending  and  re¬ 
ceiving  of  Short  Message  Service 
messages  from  the  desktop  to 
mobile  phones.  Return  messages 
are  converted  to  email  and  deliv¬ 
ered  to  the  user’s  in-box. 

Gordano’s  current  IM  client  is 
an  entirely  separate  application 


Correction 


.  ■  In  the  story  "Gutting  the 
O  cord  on  thin  clients"  (Feb.  21, 
1  page  20),  a  product  name 
ft  should  have  been  listed  as 
1  9455X1.. 


and  is  written  in  Java.  The  new 
client  is  integrated  directly  into 
Outlook  using  Microsoft’s  APIs. 
This  is  the  latest  step  in  Gordano’s 
year-long  effort  to  align  Outlook 
with  GMS. 

“It  is  nice  to  have  everything  in 
one  package  with  GMS,”  says 
Justin  Graf,  IT  director  of  Empro 
Manufacturing,  an  Indianapolis 
company  that  makes  electrical 
resistors  used  mostly  in  telecom.“I 
don’t  have  to  run  multiple  ven¬ 
dors’  products,  like  Symantec’s 
anti-virus,  someone  else’s  spam  or 
filtering  tools.”  Graf  deployed  GMS 
instead  of  Exchange  last  year  to 
avoid  what  he  called  administra¬ 
tive  headaches  with  the  Microsoft 
server. 

Gordano  —  and  other  vendors 
such  as  Stalker,  Rockcliffe,  Mira- 
point,  Scalix,  IPSwitch  and  Send- 
mail  — -  have  targeted  users  of 
Microsoft’s  aging  Exchange  5.5. 
Those  users  still  make  up  30%  of 
the  Exchange  installed  base, 
according  to  Microsoft, which  late 
last  year  extended  fee-based  sup¬ 
port  for  Exchange  5.5  until 
December  2005. 

While  Microsoft  hopes  to  con¬ 
vert  those  users  to  Exchange 
2003,  vendors  such  as  Gordano 
see  Outlook  support  as  a  way  for 
administrators  to  swap  out  back¬ 
end  servers  without  disrupting 
the  familiar  client  interface. 

The  GMS  Instant  Messenger 
includes  a  content-checking  fea- 


Instant  messaging 

Gordano  has  added  a  Windows-based  instant-messaging 
client  to  its  collaboration  suite  and  integrated  it  with 
Microsoft’s  Outlook  client. 
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The  Gordano  IM  client 


adds  a  drop-down  menu 
to  the  Outlook  interface. 


A  separate  window  not 
connected  to  Outlook  shows 
users  a  buddy  list  of  who  is  online 
and  offline. 


ture  to  ensure  IM  messages  ad¬ 
here  to  corporate  messaging  poli¬ 
cies,  and  is  integrated  with  GMS 
features  that  support  archival  and 
retrieval  to  aid  in  regulatory  com¬ 
pliance.  All  server  traffic  is  pro¬ 
tected  using  SSL  encryption. 

Gordano’s  IM  support  is  for 
internal  IM  only  and  does  not 
integrate  with  public  services 
such  as  AOL,  MSN  or  Yahoo. 

The  company  also  has  added 
anti-spam  enhancements,  includ¬ 


ing  scoring  of  restricted  words  to 
fine-tune  blocking  and  the  ability 
for  a  server  to  receive  automatic 
anti-spam  updates. 

GMS  also  runs  cross-platform 
and  supports  Windows  NT,  XR 
2000  and  2003;  Solaris;  AIX;  and 
various  Linux  versions,  including 
Red  Hat,  Novell,  Mandrake  and 
Debian. 

The  GMS  IM  module  is  priced  at 
about  $1  per  user  for  10,000 
users.  ■ 
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NETWORK  SECURITY 


L _ 

WOLVES  PROWL  OUTSIDE  -  OR  WORSE,  INSIDE  -  YOUR  NETWORK. 
NEED  PROOF?  CONSIDER: 

Malicious  code  attacks  on  company  networks  to  steal  confidential  information 
has  risen  nearly  50%. 

77%  of  companies  cited  employees  as  a  likely  source  of  hacking. 

93%  of  companies  who  lose  data  center  access  for  10  days  file  bankruptcy  within 
a  year.  Half  file  immediately. 

A  network  breach  compromising  corporate  data  costs  on  average  $475,000 
in  losses  and  recovery. 


YOU’RE  IN  A  RACE  YOU  CAN’T  WIN  AGAINST  AN  INTRUDER  YOU  WONT  DETECT. 
UNLESS  YOU  JUNIPER  YOUR  NET,  NOW. 


►  UNRIVALED,  INTRINSIC  NETWORK  SAFETY.  ONLY  FROM  JUNIPER. 

A  Juniper  network  is  simply  more  secure.  Why?  Security  is  inherent  in  our  exclusive 
operating  system:  Clean  code  =  unparalleled,  impenetrable  security. 

►  SECURE,  ASSURED  NETWORKING.  ONLY  FROM  JUNIPER. 

No  restraints:  The  network  works  for  you,  not  vice  versa.  No  compromises:  It’s 
unprecedented  application  layer  intelligence  -  your  network  understands  who 
you  are  and  what  you  are  doing,  second-by-second,  end-to-end.  No  kidding:  That’s 
Juniper’s  Secure  &  Assured  Networking.  Security,  with  assured  performance,  means 
a  network  tailored  to  you  -  exactly  -  for  unfaltering  control.  Just  because  users  have 
access  doesn’t  mean  they  should  have  the  run  of  all  resources.  Juniper’s  deep 
inspection  firewalls,  Intrusion  Detection  and  Prevention  and  application-aware  remote 
access  SSL  VPNs  deliver  application-level  security  -  for  application-specific  quality, 
network  wide.  It’s  a  purpose-built  platform  ever-monitoring  critical  apps,  data  and 
intellectual  property. 

Juniper  architecture  is  wholly  interoperable  with  the  world’s  largest  networks  and 
totally  uncompromised  by  connections  to  legacy  equipment.  Another  reason  Juniper 
means  lower  TCO. 

►  ENTERPRISING,  ENTERPRISE-PROVEN  SOLUTIONS?  ONLY  TRUST  JUNIPER. 

Juniper’s  carrier-class  performance,  intelligence  and  security  -  once  available  only  to 
service  providers  -  is  here  for  your  enterprise.  That’s  why  we’re  the  brand  of  network 
security  chosen  by  many  of  the  governmental  agencies  and  financial  titans  who  underpin 
our  nation’s  strength  and  stability.  And  why  you  can  embrace  the  multiple  applications, 
platforms  and  configurations  your  ever-changing  network  throws  at  you. 

Rest  easy  knowing  Juniper  products  -  and  our  sophisticated  security  -  mean  incredible 
scalability,  while  still  providing  superior  speed,  reliability  and  performance. 

►  WHAT  YOU  CAN  DO  NOW:  ONLY  CALL  JUNIPER.  / 

For  more  information  -  including  innovative,  ' 
insightful  case  studies  and  white  papers  -  go  to: 

http://www.juniper.net/solutions/literature/ 


www.juniper.net 


888-JUNIPER  (888-586-4737) 
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Dartmouth  retools  for  Wi-Fi  video 


■  BY  TiM  GREENE 

Dartmouth  College  has  embraced 
Wi-Fi  for  data  so  enthusiastically 
that  the  school’s  IT  chief  is  leap¬ 
ing  into  voice  and  video  over  Wi-Fi.  A 
venture  that  calls  for  tripling  the  num¬ 
ber  of  access  points  on  campus,  swap¬ 
ping  out  old  wireless  gear  for  smarter 
equipment  and  partnering  with  a  start¬ 
up  that  is  still  putting  the  finishing 
touches  on  its  technology. 

With  video  set  to  go  into  production  in 
April,  the  Hanover,  N.H., school  is  beefing 
up  its  Wi-Fi  network  to  support  four  chan¬ 
nels  of  educational  video,  says  Brad 
Noblet,  director  of  technical  services  for 
the  college.  “We  have  a  little  over  600 
access  points  today  covering  150  build¬ 
ings  in  a  mile  square.  I’m  going  to  come 
close  to  tripling  that  in  order  to  increase 
the  amount  of  bandwidth  so  I  can  deliver 
video  and  handle  a  number  of  concur¬ 
rent  VoIP  telephone  conversations.” 

The  current  Wi-Fi  network,  based  on 
Cisco  gear,  is  used  primarily  for  e-mail, 
instant  messaging  and  Web  surfing,  he 
says,  but  the  school  has  greater  needs. 

“A  lot  of  the  faculty  feel  like  to  capture 
the  attention  of  their  students,  they  have 
to  do  more  than  just  stand  there  and  talk,” 
he  says.That  means  adding  video  presen¬ 


tations  as  part  of  the  curriculum. 

Ideally  that  would  mean  student  laptop 
access  to  audio,  video  and  data  in  class¬ 
rooms,  but  that  would  require  an  Ether¬ 
net  jack  at  each  desk,  a  huge  infrastruc¬ 
ture  upgrade.“We  want  to  take  four  chan¬ 
nels  for  teaching  and  learning  and  make 
those  available  on  wireless  as  well  as 
wired  so  we  can  again  have  this  mobile 
classroom  effect,”  Noblet  says.  “You  don’t 
need  a  smart  classroom.”  The  new  wire¬ 
less  gear  will  support  existing  data  appli¬ 
cations  and  Internet  access. 

The  school  has  teamed  up  with  Video 
Furnace,  a  start-up  that  multicasts  video 
to  laptops  using  client  software  agents 
downloaded  to  PCs  when  users  select 
the  encrypted  videostreams  they  want. 
The  company  supports  Macintosh,  Linux 
and  Windows  operating  systems,  all  of 
which  are  used  on  campus.  In  addition  to 
supporting  the  educational  streams, 
Video  Furnace  also  will  deliver  commer¬ 
cial  cable  TV  to  the  campus  over 
Dartmouth’s  converged  wired  IP  net¬ 
work,  Noblet  says. 

Because  each  computer  needs  400K 
to  2M  bit/sec  of  bandwidth  to  screen 
video  content  (depending  on  screen  size 
and  resolution),  efficient  use  of  band¬ 
width  is  key 

See  Dartmouth,  page  20 


Video  strains  Wi-Fi 

Dartmouth  College  is  tripling  the  density  of  its  Wi-Fi  access  points  to 
support  video,  and  it  is  installing  smart  switches  that  load  balance 
access  and  adjust  signals  to  maximize  coverage  area. 

Wireless  access  points 


1 


O  Aruba  switches  in  high-use  areas  ©  Video  Furnace  servers  download  ©  The  locations  of  users  with  Vocera 
such  as  dorms  load  balance  access  client  software  to  PCs  that  have  VoIP  devices  can  be  determined  via 

requests  to  make  the  most  efficient  authenticated  and  multicast  the  wireless  switches.  In  the  future, 

use  of  access  points  and  adjust  video.  servers  will  be  able  to  send  users 

transmission  power  to  maximize  information,  such  as  when  not  to  use 

coverage  area.  equipment  located  in  a  given  room. 


Packeteer  device  could  set  off  price  war 


■Takes 

■  3Com  is  adding  a  filtering  service 
to  its  router  and  firewall  products  for 
small-business  networks.  Users  now 
can  add  a  $99  monthly  service  from 
SurfControl,  an  e-mail  and  Web  con 
tent  filtering  company.  The  service 
lets  users  create  settings  for  blocking 
incoming  spam  and  outgoing  access 
to  unauthorized  sites.  Products  sup¬ 
porting  this  service  include  the  3Com 
OfficeConnectVPN  Firewall,  the 
Off  iceConnect  Router  and  Wireless 
11g  Cable/DSL  Router. 


■  BY  TIM  GREENE 

Packeteer  is  introducing  a  WAN-optimiz- 
ing  appliance  for  businesses  that  could 
trigger  a  price  war  among  vendors  of  such 
gear. 

Called  Packetseeker  1200,  the  device  was 
designed  to  be  deployed  in  large  numbers 
of  branch  offices,  giving  better  perform¬ 
ance  to  WAN  traffic  as  an  alternative  to 
companies  buying  more  bandwidth. 

Pricing  for  Packetseeker  1200,  including 
compression,  ranges  from  $2,400  to  $3,200, 
depending  on  the  size  link  it  is  licensed  to 
support,  either  128K,  512K  or  2M  bit/sec. 
This  is  significantly  different  pricing  from 
competitors  Expand  Networks  and  Fteribit 


Networks,  whose  2M-bit/sec  devices  cost 
more  than  twice  as  much, says  Gerald  Mur¬ 
phy,  director  of  infrastructure  strategies  for 
Meta  Group.  For  example,  Expands  Accel¬ 
erator  4800  2M-bit/sec  device  costs  $9,500. 

The  1200  device  is  based  on  Packeteer 
1550  hardware  but  with  performance 
trimmed  to  achieve  the  lower  price. 

Murphy  predicts  other  vendors  will  drop 
their  higher-end  prices  because  the  savings 
customers  can  reap  by  buying  the 
Packeteer  devices  will  override  whether  it 
actually  boosts  performance  as  well  as 
some  other  vendors’  boxes. 

This  type  of  appliance  sits  at  either  end  of 
WAN  links  and  performs  a  series  of  func¬ 
tions  on  traffic  to  get  more  of  it  to  flow  over 


a  fixed-size  link  and  to  give  priority  to 
important  applications.  But  no  two  ven¬ 
dors’  devices  are  exactly  the  same.  For 
example,  two  vendors  might  both  use  com¬ 
pression  but  use  different  compression 
algorithms.  Or  they  might  use  different 
mixes  of  compression,  traffic  shaping, 
queuing,  caching  and  rate  control  to  boost 
performance,  but  not  use  the  same  combi 
nations  of  these  methods. 

Customers  must  test  the  products  to  see. 
which  one  makes  the  most  improvements 
to  their  particular  traffic  mixes. 

Packeteer  1200  can  distinguish  t' 
classes  of  traffic  and  create  32  bandw.d’v. 
policies  to  determine  which  class;  ,  a 
how  much  of  the  available  bandwidth  $ 
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continued  from  page  19 

Bandwidth  for  802.11a  is  provided  at 
55M  bit/sec  using  its  own  radio  frequency 

802.1  lb  supports  11M  bit/sec, and  802.1  lg 
supports  55M  bit/sec,  but  802.11b  and 

802.1  lg  share  the  same  frequency  If  an 

802.1  lb  device  associates  with  an  access 
point,  the  access  point  drops  down  to 
1 1M  bit/sec  for  802.1  lg  users. 

That  led  Noblet  to  choose  802.11a.Tm 
going  to  be  able  to  get  on  the  order  of  20 
to  25  streams  per  access  point,”  he  says. 

Noblet  is  packing  access  points  in  high 
density  for  areas  such  as  dorms  that  are 
likely  to  have  large  numbers  of  users,  to 
ensure  coverage  during  peak  times.  He  is 
swapping  out  Cisco  access  points  for 
Aruba  Wireless  Networks  access  points 


because  Aruba  supports  intelligent 
switching.  “Cisco  was  not  in  that  game” 
when  he  started  the  project,  he  says. 

The  intelligence  he  wants  includes 
Aruba  wireless  switches’  ability  to  load 
balance  requests  from  laptops.  In  an 
area  with  overlapping  access  points,  the 
switches  send  messages  that  force  lap¬ 
tops  to  less-busy  access  points  to  maxi¬ 
mize  the  number  of  users  associated 
with  the  wireless  network. 

The  switches  also  adjust  power  of 
access  point  transmissions  to  maximize 
the  area  in  which  wireless  devices  can  get 
a  signal. 

The  intelligent  switches,  in  combination 
with  mapping  tools,  also  make  it  easier  to 
install  access  points  effectively  “The  wire¬ 
less  switch  can  force  access  points  to  sig¬ 
nal  one  another  so  they  can  get  an  indi¬ 
cation  of  who  can  hear  who  and  develop 
a  coverage  map  that  gets  plotted  graphi¬ 


cally  on  a  screen,”  Noblet  says.  Using  that 
map,  technicians  installing  access  points 
can  see  where  more  access  points  are 
needed.“When  we  put  up  the  original  600 
access  points,  it  damn  near  killed  us  to  do 
it  manually’ he  says. 

The  tool  plots  Wi-Fi  coverage  on  archi¬ 
tectural  drawings  of  buildings.  “So  I  can 
see  how’s  my  coverage  in  this  given  build¬ 
ing  and  be  able  to  pinpoint  where  I  need 
to  move  an  access  point  or  maybe  I  need 
to  add  an  additional  access  point,’ ’he  says. 

Noblet  spent  a  lot  of  time  with  Aruba 
developing  location-sensing  tools  to  go 
along  with  the  switches.  Now  the  switches 
can  tell  him  the  rough  location  of  a  wire¬ 
less  device  associated  with  the  network, 
and  this  can  help  run  the  campus  more 
efficiently 

For  instance,  a  student  on  an  unstaffed 
floor  of  the  library  who  is  wearing  a  VoIP 
communicator  badge  made  by  Vocera 


could  ask,  “Where  are  the  Shakespeare 
folios  located?”Voice  recognition  software 
would  translate  the  question  and  deliver 
an  automated  voice  response  to  tell  the 
student  where  the  folios  are  in  relation  to 
where  the  questioner  is  standing. 

Similarly, students  with  laptops  in  a  lab 
could  query  a  server  how  to  use  the 
piece  of  lab  gear  sitting  in  front  of  them, 
and  the  server  could  respond  with  a 
Web  page  containing  a  user  manual. 

The  video  project  should  also 
increase  use  of  VoIP  over  Wi-Fi.  Most  Wi¬ 
Fi  VoIP  phones  employ  802.11b,  which 
supports  only  eight  concurrent  VoIP 
calls.  More  access  points  means  support 
for  more  VoIP  Noblet  says,  which  should 
help  accelerate  the  college’s  migration 
to  VoIP  So  far  about  4,000  of  7,000 
phone  lines  have  been  converted  to 
VoIP  but  only  a  few  hundred  of  those 
today  are  W-Fi,  he  says.  ■ 


Software  upgrade  adds  WAN  load  balancing  to  Foundry  switches 


■  BY  PHIL  HOCHMUTH 

A  software  upgrade  for  Foundry  Net¬ 
works’  ServerlronXL  can  let  users  simplify 
WAN  and  Internet  connection  links,  config¬ 
ure  failover  connections  and  allocate 
bandwidth  for  specific  applications  run¬ 
ning  over  an  IP  WAN. 

Foundry  says  its  TrafficWorks  Link  Load 
Balancer  software  for  the  ServerlronXL 
switch  can  streamline  how  a  business  con¬ 


nects  to  multiple  ISPs  or  carriers  by  simpli¬ 
fying  the  management  of  bandwidth  on 
multiple  WAN  links. 

The  company  says  the  TrafficWorks  Link 
Load  Balancer  software  on  the  Server¬ 
lronXL  can  be  used  instead  of  running 
Border  Gateway  Protocol  Version  4  (BGP-4) 
on  enterprise  WAN  routers.This  protocol  is 
used  in  large  business  IP  networks  and  car¬ 
rier  networks  to  handle  multiple  connec¬ 
tions  to  different  service  providers.  Foundry 


says  that  users  can  manage  multiple  WAN 
links  more  easily  by  installing  a  Server¬ 
lronXL  with  TrafficWorks  next  to  a  router,  in¬ 
stead  of  configuring  the  router  to  run  BGP- 
4,  which  requires  an  IT  staff  with  advanced 
Internet  protocols  knowledge. 

The  ServerlronXL  adds  features  not  sup¬ 
ported  in  BGP-4,  including  bandwidth  opti¬ 
mization  and  network  health  checking, 
which  lets  the  device  send  traffic  around 
congested  or  downed  links.  Foundry  says. 


Its  ServerlronXL  switches  have  traditional¬ 
ly  been  deployed  in  data  centers  for  server 
load  balancing.  A  ServerlronXL  with  Link 
Load  Balancer  capabilities  would  be 
deployed  behind  a  WAN  router,  connecting 
through  a  10/100/1000M  bit/sec  Ethernet 
port.  When  processing  WAN  traffic,  the 
device  can  handle  up  to  300M  bit/sec  of 
throughput  —  the  equivalent  of  sixT-3  links. 

ServerlronXL  switches  also  can  provide 
See  Foundry,  page  21 
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Like  most  things  in  technology  VoIP 
was  talked  about  for  years  before  it 
became  a  part  of  the  enterprise  main¬ 
stream.  The  opposite,  it  seems,  is  the  case 
with  VoIP  services.  While  Vonage  and  Net2- 
Phone  have  been  around  for  a  few  years,  of 
late  they  and  their  competitors  have  been 
blasted  into  public  view  advertising  like 
mad  around  the  Web,  as  well  as  on  tradi¬ 
tional  media  such  as  TV  And  soon,  they’ll 
go  after  you. 

While  VoIP  services  have  been  targeted  at 
the  mass  consumer  market,  many  of  the 
companies  have  rapidly  expanded  their 
purview  to  include  “business-class”  ser¬ 
vices.  So  ready  or  not,  you’ll  be  hearing 
from  them. 

Who  are  these  companies  and  what  are 
the  services  they  offer?  Well,  the  list  reads 
like  one  of  those  many  ancestry  sections  of 
the  Bible,  but  you  might  as  well  get  a  feel 
for  the  onslaught.  For  many  of  these  com¬ 
panies,  the  service  and  the  company 
names  are  identical. So  I’ll  only  list  the  ven¬ 
dor  (in  parenthesis)  where  the  two  differ 
—  in  the  official  order  they  were  stumbled 
upon  by  yours  truly 

Prepare  to  grapple  with  Vonage,  Lingo 
(Primus),  Skype,  Net2Phone,  Packet8  (8x8), 
SIPphone,  CallVantage  (AT&T),  VoiceWing 
(Verizon),  BroadVoice,  VoicePulse.  Even 


Girding  for  the  VoIP  services  onslaught 


vendors  that  traditionally  have  focused  on 
selling  hardware  have  gotten  into  the  fray 
—  Belkin  is  offering  a  VoIP  service  under 
the  callEverywhere  brand. 

And  there  are  many  more.  A  quick  search 
while  writing  this  piece  brought  me  links  to 
VoIPWorX,  Dialpad,  FWD,  Covad  —  it  goes 
on  and  on.  (I  apologize  in  advance  to  the 
myriad  companies  I’ve  failed  to  mention.) 

The  services  are  what  you  might  expect: 
the  ability  to  make  and  receive  calls  using 
your  broadband  Internet  connection.  Most 
of  the  services  have  pretty  impressive  lists 
of  advanced  options,  including  voice  mail, 
conference  calling,  find  me  and  integrated 
fax  support. 

What  do  they  want  from  you?  For  starters, 
they’ll  take  your  small  remote  offices.  You 
know,  the  ones  that  look  remarkably  like 
the  homes  they’re  targeting  already  For 
these  sites  that  don’t  have  a  physical  PBX, 
they  provide,  in  essence,  a  virtual  PBX 
replete  with  all  the  advanced  functions 
you’d  expect. 

Their  arguments  are  compelling  finan- 
ciallyAt  a  minimum,  your  smallest  one-per¬ 
son  office  is  likely  running  telco  services 
that  consist  of  a  broadband  connection,  at 
least  one  voice  trunk  and  a  fax  number. 
Monthly  connection  charges  can  be  push¬ 
ing  $75  with  usage  layered  on  top  of  that. 

Using  a  VoIP  service, you  can,  for  example, 
get  500  minutes  of  U.S.and  Canada  calls  for 
a  total  of  $14.99  per  month.  Adding  a  fax 
line  bumps  it  up  $10.  Pretty  impressive. 

In  the  past,  a  major  disincentive  to  move 
services  would  be  the  implicit  cost  of  hav¬ 


ing  all  your  contacts  need  to  reach  you  at  a 
new  number.  And  along  with  that,  the  need 
to  update  stationery,  Web  pages,  business 
cards  and  so  forth.  Now  that  you  can  take 
your  number  with  you,  a  major  stumbling 
block  is  removed. 

About  the  only  thing  that  you  can’t  get 
with  these  new  VoIP  services  is  your  tradi¬ 
tional  enhanced  91 1  service.  It  exists,  but 
with  caveats. You  have  to  register  the  physi¬ 
cal  location  of  your  phone  (and  re-register 
if  and  when  you  move  it)  so  the  authorities 
know  where  to  dispatch  help;  and,  obvi- 


Foundry 

continued  from  page  20 

denial-of-service  attack  blocking,  by  recog¬ 
nizing  spikes  in  TCP  traffic  messages  and 
shutting  down  suspicious  flows. 

Foundry  had  focused  mostly  on  LAN 
edge  and  core  products,  with  its  Server- 
Iron,  Fastlron  and  Biglron  Gigabit  Ethernet 
switches.The  addition  of  WAN  traffic  man¬ 
agement  to  the  ServerlronXL  is  another 
step  toward  the  enterprise  edge;  last  year, 

Foundry  introduced  its  first  WAN  routers 
to  challenge  Cisco’s  2600  and  3600  series 
products.  With  its  traffic-managing  box, 
Foundry  competes  with  Allot,  DeepNines, 
Expand  Networks,  Packeteer  and  Peribit 
Networks.  In  the  Layer  4-7  market, 
Foundry’s  ServerlronXL  competes  with 
offerings  from  Cisco,  F5  Networks,  Net- 
Scaler,  Nortel,  Redline  and  Radware. 

Layer  4-7  switching  was  at  its  zenith  dur- 


ouslyif  your  broadband  is  down, your  E91 1 
vanishes. 

We’ve  already  started  benchmarking 
voice  quality  of  a  number  of  these  services 
and,  overall,  the  results  are  impressive 
(read  the  report  at  www.nwfusion. 
com,  DocFinder:  6087). Services  are  proba¬ 
bly  in  your  future. 

Tolly  is  president  of  The  Tolly  Group,  a 
strategic  consulting  and  independent  testing 
company  in  Boca  Raton,  Fla.  He  can  be 
reached  at  ktolly@toIly.com. 


ing  the  dot-com  bubble,  as  Internet  com¬ 
panies  spent  money  on  gear  to  make 
Web  sites  more  accessible.  But  since  the 
bubble’s  burst,  Layer  4-7  vendors  have 
looked  for  other  ways  to  apply  their 
deep-packet  forwarding  technology,  such 
as  security,  VoIP  prioritization  and  now 
WAN  optimization. 

“That  whole  [Layer  4-7]  market  never 
really  took  off  as  much  as  it  had  been 
hyped,”  says  Max  Flisi,an  analyst  with  IDC. 
“But  it  never  really  went  away,  either’’ 

Flisi  says  that  the  application  Layer  4-7 
technology  to  new  areas  in  a  network  is 
part  of  a  trend  toward  adding  more  intelli¬ 
gence  to  routers  and  switches.“lt’s  another 
example  of  the  network  layer  becoming 
more  intelligent,”  he  says. 

The  TrafficWorks  Link  Load  Balancer 
software  is  available  as  a  free  upgrade  for 
ServerlronXL  users  with  support  contracts. 
ServerlronXL  switches  start  at  $9,000.  ■ 
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When  business  losses  are  measured  in 
seconds,  preemption  beats  “reaction”  every  time. 


The  only  effective  security  is  preemption.  This  preemptive  power  is  only  available 
with  the  Proventia™  ESP  Security  Platform  from  Internet  Security  Systems.  When  software  security 
flaws  are  discovered,  Internet  Security  Systems’  world-renowned  research  team  updates 
Proventia  to  immediately  shield  against  any  attacks  targeting  weak  spots.  Regardless 
of  the  size  of  your  business,  this  new  standard  in  Internet  security  can  help  keep 
you  off  the  path  to  disaster  and  reduce  your  total  cost  of  ownership  -  In  fact,  when 
we  manage  Proventia  for  you,  we'll  even  guarantee  protection.  Need  proof? 
Get  your  free  whitepaper,  Preemptive  Protection:  Setting  a  New  Standard  in  Security, 
at  www.iss.net/proof/wp  or  call  800-776-2362. 
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EtherScope™ 
Network  Assistant 


Introducing  the  EtherScope™  Network  Assistant 
-  your  eyes  into  the  network  to  help  you  spot 
problems  and  solve  them  faster  than  ever.  You 

don't  have  time  for  trial  and  error.  Or  methods 
that  only  provide  part  of  the  picture.  That's  why 
Fluke  Networks'  new  EtherScope  analyzer,  with  its 
immediate  discovery  and  fast  diagnostics,  helps 
you  quickly  isolate  urgent  problems  on  your  giga¬ 
bit  network  as  well  as  those  nagging  issues  that 
may  be  keeping  it  from  performing  at  optimum 
level.  Fast.  Accurate.  EtherScope.  So  you'll  have 
more  time  to  get  to  the  several  dozen  items  on 
your  "to  do"  list.  Visit  our  web  site  and  check  out 
the  virtual  demo.  Then  request  a  test  drive  in  your 
office  -  on  your  network.  Decide  for  yourself 
whether  or  not  EtherScope  Network  Assistant  will 
be  your  next  new  hire. 


Your  network  assistant  is  waiting 
to  show  you  what  it  can  do  to  help 
make  your  job  easier.  Just  go  to 


and  take  a  tour  of  the  virtual  demo. 


Test  Results 
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IBM  strengthens  storage  mgmt.  line 


Smarter  storage 

IBM’s  SAN  Volume  Controller  2.1,  which  comes  in  the  form  of  a  two-node 
cluster  of  x335  Xeon  servers  and  management  console  software,  is 
designed  to  help  companies  easily  retrieve  data,  regardless  of  where 
they  store  it. 
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©  Hie  SAN  Volume  Controller  ©  Any  server  can  retrieve  data  ©  Different  brands  and  ©  Policies,  such  as  how  data 
can  tap  multiple  storage  from  this  virtual  pool  classes  of  storage  is  pooled  or  copied  for 

arrays  and  offer  capacity  without  needing  to  know  systems  can  contribute  disaster-recovery 

to  servers  in  the  form  of  where  the  data  physically  to  the  virtual  data  pool,  purposes,  are  set  from  the 

a  virtual  disk.  resides.  management  console. 


■  BY  DENI  CONNOR 

IBM  has  upgraded  its  tape  and  disk  sys¬ 
tems  and  its  storage  management  software 
to  help  customers  more  efficiently  handle 
data  from  creation  to  deletion. 

Such  offerings  are  commonly  referred  to 
as  making  up  an  information  life-cycle 
management  (1LM)  system,  in  which  data 
can  be  stored  on  systems  that  make  the 
most  sense  from  a  speed  and  price  stand¬ 
point,  depending  on  the  nature  of  the  data. 

IBM’s  ILM  strategy  while  similar  to  those 
from  EMC  and  HP  is  only  part  of  the  com¬ 
pany’s  on-demand  computing  vision,  in 
which  resources  can  be  dynamically 
shifted  and  allocated  according  to  need. 

The  company  is  incorporating  the  latest 
Linear  Tape  Open  3  technology  into  its 
tape  drives,  libraries  and  autoloaders,  en¬ 
abling  media  to  be  read  by  any  LTO-com- 
patible  drive  from  HPIBM  or  Quantum.  IBM 
says  its  Ultrium  LTO  3-enabled  libraries, 
which  run  at  up  to  80M  byte/sec,  have  dou- 


■  NeoPath  Networks,  a  maker  of 
network  file  management  products, 
has  named  Alan  Baratz  its  president 
and  CEO.  Baratz  has  recently  been 
involved  in  private  equity  research 
and  has  led  a  few  small  technology 
companies,  including  collaboration 
company  Zaplet.  Earlier,  he  headed 
Sun's  Software  Products  and 
Platforms  division. 

■  Intel  says  it  plans  to  unveil  technol¬ 
ogy  for  improving  the  transfer  of  data 
from  clients  to  server-based  applica¬ 
tions  at  its  developer  forum  during  the 
first  week  of  March.  The  I/O  Accel¬ 
eration  Technology  includes  soft 
ware  enhancements  to  the  TCP/IP 
stack  and  new  network  controllers. 
The  combination  lets  a  processor 
take  on  more  of  the  I/O  tasks  when 
otherwise  it  would  have  sat  idle  wait¬ 
ing  for  the  network  controller  to  move 
data  along,  Intel  says.  Intel  server 
processors  and  chipsets  with  the 
technology  are  scheduled  to  be  avail¬ 
able  next  year. 


ble  the  performance  and  capacity  of  earli¬ 
er  LTO  2  offerings.  IBM  also  has  introduced 
a  dual-robotics  feature  for  its  TotalStorage 
3584  tape  library  that  doubles  the  tape 
mount  performance. 

On  the  disk  front,  IBM  announced  that  its 
DS4000  subsystem  now  uses  146G-byte, 
15,000-rpm  and  300G-byte,  10,000-rpm 
Fibre  Channel  disk  drives  for  total  capacity 
of  more  than  67T  bytes  in  a  midrange  stor¬ 
age  system.  This  lets  customers  choose 
faster  drives  for  their  business-critical  data 
and  slower,  higher-capacity  drives  for  less- 
important  or  archival  data. 

To  enable  more  control  of  storage  envi¬ 
ronments,  IBM  announced  Version  2.1  of  its 
TotalStorage  SAN  Volume  Controller,  which 
includes  a  migration  capability  that  lets 
data  be  moved  between  disk  arrays  from 
different  vendors. 

Chuck  Long,  SAN  administrator  for 
Safelite  Autoglass  in  Columbus,  Ohio,  has 
used  the  software  to  migrate  data  from  one 
IBM  storage  array  to  another. 

“We  migrated  2T  bytes  in  an  hour  and  a 
half,”  Long  says.“Nobody  [on  the  network] 
had  any  idea  it  was  being  done.  It  would’ve 
taken  late  into  the  night  before.” 

Long,  who  has  virtualized  about  two- 
thirds  of  his  storage  environment,  has  sev¬ 
eral  IBM  Enterprise  Storage  Servers  as  well 
as  DS4300  and  DS4400  midrange  arrays. 

SAN  Volume  Controller  2.1  also  can  pool 
data  on  Sun  StorEdge  9910,9960,9970  and 
9980  arrays.  It  is  priced  on  a  per-terabyte 
basis.  Users  pay  for  only  the  number  of  ter¬ 
abytes  they  virtualize. 

SAN  Volume  Controller  supports  a  form  of 
symmetrical  virtualization  in  which  all  data 
from  host  computers  or  storage  systems 
passes  through  it,  where  it  can  control  the 


■  BY  ROBERT  MCMILLAN 

IBM  last  week  announced  a  computer 
system  architecture  and  chipset  that  will 
form  the  basis  of  the  next  generation  of  the 
company’s  xSeries  servers. 

IBM  says  it  plans  to  ship  the  first  server 
based  on  these  new  technologies,  a  four- 
processor  system  called  the  xSeries  366 
(x366),in  the  next  few  months.The  system, 
which  will  run  operating  system  software 
from  Microsoft,  Red  Hat  and  others,  will 
start  at  less  than  $7,000,  IBM  says. 


actions,  such  as  Flashcopy  or  Peer-to-Peer 
Remote  Copy  that  are  taken  on  the  data. 

The  software,  which  is  implemented 
on  a  clustered  pair  of  xSeries  335  servers 
running  Linux  or  on  Cisco’s  MDS9000 
Fibre  Channel  director-level  switches, 
works  with  Windows,  AIX,  Red  Hat  Linux, 
Solaris  and  HP-UX  hosts.lt  works  with  stor¬ 
age  arrays  from  IBM,  Hitachi  Data 


Using  technologies  from  IBM’s  main¬ 
frame  and  supercomputer  businesses,  the 
x3  architecture  is  designed  to  improve  the 
performance  of  Intel’s  Xeon  processors.  It 
has  been  three  years  in  development  and 
is  the  latest  generation  of  the  Enterprise  X- 
Architecture,  which  IBM  introduced  in 
2001.  IBM  has  invested  more  than  $100  mil¬ 
lion  in  x3’s  development,  it  said  in  a  state¬ 
ment,  and  will  use  the  architecture  as  the 
basis  of  future  Xeon  systems  with  four  or 
more  processors. 

IBM  also  is  introducing  an  XA-64e 


Systems,  EMC,  HP  and  Sun. 

TotalStorage  tape  drives,  libraries  and 
autoloaders  with  LTO  3  are  expected  to  be 
available  in  March  starting  at  $6,000.  The 
IBM  TotalStorage  DS4000  Series  is  expected 
in  April,  but  pricing  has  not  been 
announced.  The  TotalStorage  SAN  Volume 
Controller  2.1  is  expected  in  March, starting 
at  $47,000.  ■ 


chipset,  code-named  Hurricane,  that  has 
been  designed  for  the  x3  architecture.  With 
these  components,  IBM  says  it  will  be  able 
to  build  Xeon  servers  with  as  many  as  32 
processors.  The  servers  will  support  Intel’s 
dual-core  processors,  due  next  year. 

IBM’s  xSeries  366  servers  are  optimized  to 
run  applications  such  as  32-  and  64-bit 
databases.  The  systems  will  compete  with 
servers  from  Dell,  HP  and  others. 

McMillian  is  a  correspondent  with  IDG 
News  Service. 


Intel-based  servers  get  IBM  revamp 


"We  have  3,000  PCs  based  everywhere  from 
Argentina  to  Vietnam,  and  now  our  team  can 
update  them  ail  from  headquarters." 

Viktor  Portmann 

Project  Manager,  Department  of  Foreign  Affairs,  Switzerland 


Make  a  name  for  yourself  with  Windows  Server  System. 

Microsoft  Windows  Server  System  makes  it  easier  for 
Switzerland's  Federal  Department  of  Foreign  Affairs 
(DFA)  to  manage  the  infrastructure  serving  their 
embassies  and  consulates  in  156  countries.  Here's 
how:  By  using  Systems  Management  Server  2003 
and  Microsoft  Operations  Manager  2005,  DFA  can 
automatically  update  its  500  remote  servers  from  a 
central  location,  saving  over  $600,000  in  travel 
expenses  alone  in  the  past  year.  They've  also  been 
able  to  reduce  the  time  and  cost  of  maintenance, 
boost  user  productivity,  and  find  the  time  to  better 
prepare  for  expansion.  Software  that's  easier  to 
manage  is  software  that  helps  you  do  more  with 
less.  To  get  the  full  DFA  story  or  to  find  a  Microsoft 
Certified  Partner,  go  to  microsoft.com/wssystem 


Windows 
Server  System 


Windows  Server  System'"  includes: 


Server  Platform  Windows  Server'" 


Virtualization 

Virtual  Server 

Data  Management  &  Analysis 

SQL  Server™ 

Communications 

Exchange  Server 

Portals  &  Collaboration 

Office  SharePoint*  Portal  Server 

Integration 

BizTalk’  Server 

Management 

Systems  Management  Server 

Microsoft1  Operations  Manager 

Security 

Internet  Security  &  Acceleration  Server 

Plus  other  software  products 


Solaris  10  heads  for  Linux  territory 


Operating  systems 


■  BY  THOMAS  HENDERSON,  NETWORK  WORLD  LAB  ALLIANCE 

un  is  gunning  for  some  of  Linux’s  rising  popularity  in  the  enterprise  with  the  newest 
release  of  its  Unix  derivative,  Solaris.  In  this  Clear  Choice  Test,  we  found  that  Solaris 
10  has  been  torn  from  its  SPARC-only  roots  now  runs  very  quickly  and  very  easily  on 
generic  32-bit  x86  Intel-  and  64-bit  Advanced  Micro  Devices-based  servers.  It  also  has 
new  security  features  and  supports  a  range  of  Linux  applications.  And  it’s  free. 


Solaris  10  has  a  variety  of  installation 
options,  ranging  from  an  everything-but- 
the-kitchen-sink  option  that  includes 
OEM  add-ons  to  a  developers’  option  to  a 
slim  “networking”  install.  Most  enterprise 
deployments  would  likely  require  a  devel¬ 
oper  grouping  for  the  initial  installation 
because  it  contains  necessary  compilers, 
applications  and  development  tools. 

We  installed  Solaris  10  on  all  10  of  the 
32-bit  and  64-bit  servers  in  our  labs  with 
only  very  minor  problems.  These  servers 
ranged  from  Sun’s  own  AMD64-based 
V20z  box  to  an  HP-Compaq  server  with 
dual  733-MHz  Pentium  III  processors.  In 
our  tests,  the  operating  system  chose  the 
most  appropriate  drivers  for  the  compo¬ 
nents  in  these  disparate  servers  with  only 
minor  exceptions. 

Solaris  10  has  a  look  and  feel  that’s  sim¬ 
ilar  to  Solaris  9’s.  Both  the  Gnome-based 
Common  Development  Environment 
and  Java  Desktop  System  user  interfaces 
are  offered.  The  Sun  Management  Con¬ 
sole  —  which  can  be  invoked  from  either 
interface  —  controls  users,  groups,  pro¬ 
jects  and  system  resources.  However,  this 
console  doesn’t  support  applications 
needed  to  manage  all  of  the  functionali- 


Net  Results 


OVERALL  RATING 


Solaris  10 


Company:  Sun,  www.sun.com  Cost: 
Operating  system  software  is  free. 
Pros:  Good  performance;  excellent 
hardware  detection;  detailed  security 
features.  Con:  Lacks  competitive  GUI 
management  features. 


The  breakdown 


Installation/integration  25% 


Performance  25% 


Management/administration  25% 


Security  25% 


TOTAL  SCORE 


4.5 


4.5 


3.0 


4.0 


4.0 


Scoring  Key:  5:  Exceptional:  4:  Very  good:  3: 
Average;  2:  Below  average;  1:  Consistently 
subpar 


ty  of  Solaris  10.  For  example,  to  run  en¬ 
cryption  services  or  gather  detailed  disk 
and  file  information,  you  must  use  a 
command-line  interface. 

Commercial  Linux  distributors  have 
learned  how  to  manage  the  myriad 
administrative  options  needed  in  a  server 
operating  system  through  GUI  interfaces. 

Solaris  10  supports  directory  services 
such  as  Network  Information  System  + 
and  those  based  on  Lightweight  Directory 
Access  Protocol.  Even  though  Sun  also 
provides  Samba,  the  open  source 
Microsoft  Windows  connectivity  method, 
it  offers  no  official  support  for  it  and  only 
scant  documentation.  All  three  services’ 
implementations  worked  acceptably  well. 

Solaris  10  is  as  fast  as  its  Linux  compe¬ 
tition  (see  performance  charts  at  www. 
nwfusion.com,  DocFinder:  6088).  The 
numbers  posted  by  Solaris  10  and 
RedHat  Enterprise  Linux  AS  4.0  in  our 
series  of  Web  transactional  tests,  in  which 
both  were  running  Apache  2.0.3  on  the 
same  Polywell  64-bit  server, were  very 
close  across  the  board.  We  did  find  that 
Solaris  had  a  small  performance  advan¬ 
tage  when  tested  on  Sun’s  own  V20z  box. 

Addressing  security 

Solaris,  since  the  release  of  Version  8, 
has  supported  role-based  access  controls 
via  its  Role  Based  Access  Control  (RBAC) 
mechanism.  These  Unix-based  hierarchi¬ 
cal  roles  —  ranging  from  a  lowly  user  or 
file  to  root-level  rights  that  give  a  user  or 
application  full  access  to  system  re¬ 
sources  —  can  be  extended  to  users  and 
application  behavior. 

RBAC  provides  a  method  of  setting  up 
how  those  roles  interact  with  other  sys¬ 
tem  resources  to  prevent  an  application 
or  users  from  reaching  out  to  use  re¬ 
sources  they  are  not  entitled  to  use. This 
feature  is  similar  to  the  security  features 
of  Red  Hat’s  SELinux  implementation 
(see  Red  Hat  Enterprise  Linux  test, 
DocFinder:  6082). 

These  RBAC  role-based  groupings  can 
serve  as  the  basis  of  a  new  security  fea¬ 
ture  within  Solaris  10,  referred  to  as  con¬ 
tainers.  Containers  are  objects  that  com¬ 
prise  users,  applications  and  processes 
logically  grouped  to  create  virtual  work¬ 


spaces;  or  in  Solaris  10  terms,  projects  on 
the  same  physical  server.  Projects  map  to 
the  Linux  Virtual  Machines  seen  in 
SLES9.  These  virtual  workspaces  eschew 
the  overhead  of  full  server  virtualization 
products,  including  VMWare  GSX. 

Containers  boost  overall  system  secur¬ 
ity  because  they  isolate  project  instances 
from  scrutiny  by  other  processes,  and  • 
add  fault  tolerance  by  isolating  processes 
from  each  other  so  if  one  project  fails,  it 
doesn’t  bring  down  the  rest  of  the  system. 

Solaris  10  provides  a  flexible  back¬ 
ground  for  securely  dividing  system 
resources,  providing  performance  guar¬ 
antees  and  tracking  usage  for  these  con¬ 
tainers.  Creating  basic  containers  and 
populating  them  with  user  applications 
and  resources  is  simple.  But  some  cases 
may  require  quite  a  bit  of  fine-tuning. 

Once  initial  container  characteristics 
are  defined,  they  can  be  replicated  to  cre¬ 
ate  multiple  instances  of  like  containers. 
It’s  also  possible  to  change  the  behavior 
of  containers  on  the  fly  to  tune  and  re¬ 
allocate  resources.  Tuning  was  tedious; 
and  although  we  saw  our  results  imme¬ 
diately  the  procedure  can  be  daunting. 

To  monitor  the  activity  of  the  contain¬ 
ers  (as  well  as  other  system  services  and 
applications), Solaris  10  has  a  tool  called 
Dynamic  Tracing  (DTrace).We  found  that 


the  modules  and  device  calls  that  regis¬ 
tered  with  DTrace  produced  a  stunningly 
long  and  detailed  list  of  information  that 
we  subsequently  filtered  to  look  at  spe¬ 
cific  calls,  such  as  disk  and  memory 
requests.The  tool  didn’t  appear  to  detract 
from  performance,  and  the  devil  with 
DTrace  is  in  its  details  —  lots  of  it. 

Sun  recommends  using  Perl  scripts  to 
develop  the  accounting  reports  needed 
to  keep  track  of  containers,  but  we’d  pre¬ 
fer  to  see  a  reporting  module  that  plugs 
into  the  operating  system  that  automati¬ 
cally  tracks  that  information. 

In  terms  of  other  security  features,  Sun 
has  an  automated  patch  management 
process  that  can  update  system  software 
without  attendance. 

Overall,  Solaris  is  a  time-proven  Unix 
platform,  with  a  long  legacy  of  stability 
and  reliability.  Solaris  10  has  been 
tweaked  for  speed  on  generic  PC-based 
hardware,  and  its  new  container  methods 
show  clear  attention  to  security  details. 
The  price  is  certainly  right  for  the  capital 
cost  of  the  product  —  it’s  free.  What’s  not 
free  is  the  training  needed  to  make  many 
of  the  components  of  Solaris  10  sing. 

Henderson  is  principal  researcher  for 
ExtremeLabs  in  Indianapolis.  He  can  be 
reached  at  thenderson@extremelabs.com. 


How  We  Did  It 


[Qill 

*MMBe  tested  Solaris  10  final,  downloaded  from  the  SunStore  site.  We  installed 
■Hb  it  on  nine  different  platforms:  Sun  SunFire  V20z  (two  2.5GHz  AMD64 
■  ■  Opteron  CPUs;  Polywell  2200S  (two  2.5GHz  AMD64  CPUs;  HP  DL360-G2 
(two  3.06-GHz  Xeon  CPUs),  HP  DL580-G3  (four2.5-GHz  Xeon  CPUs),  NetFrame 
1600  (two  3-GHz  Xeon  CPUs),  Dell  PowerEdge  1850  (one  3-GHz  Xeon  CPU), 
Compaq  DL-380  (two  733-MHz  Pentium  IV  CPUs),  and  a  ‘whitebox’  server  (one 
2.6-GHz  AMD  64  CPU). 

We  tested  Solaris  10  on  a  network  consisting  of  a  Gigabit  Ethernet  switched 
backbone  and  checked  logon  compatibility  with  the  following  server  operating 
systems:  Windows  2003  Enterprise  Edition,  Apple  OpenDarwin  OS/X  10.3,  Red 
Hat  Linux  Enterprise  3.0,  Red  Hat  Enterprise  Linux  4  Advanced  Server,  NetWare 
6.5,  NetBSD  1.6.0,  and  Windows  NT  Server  4.0.  We  tested  for  client  logon  compat¬ 
ibility  with  Apple  OS/X  clients,  Windows  XP/2000/98SE  clients  and  Linux  clients 
running  Mandrake  9,  Xandros  3  and  Debian  Sarge. 

We  used  Spirent  Communications’  WebAvalanche  benchmarks.  The  results  are 
an  average  of  five  test  cycles  that  are  within  a  5%  margin  of  error.  We  ran  tests 
of  transactions  per  second,  the  maximum  number  of  TCP  connections  per  sec¬ 
ond  and  the  maximum  number  of  open  TCP  connections  per  second.  We  ran 
Solaris  10  in  64-bit  mode  on  both  Sun  SunFire  V20z  and  the  Polywell  2200S.  We 
also  tested  in  32-bit  mode. 


Spam  and  virus  protection  at  an  affordable  price. 


•  No  per  user  license  fees 

•  Prices  starting  at  $1399 

•  Powerful,  enterprise-class  solution 


uda  Spam  Firewall 


^Copyright  2004  Barracuda  Networks,  Inc.  All  rights  reserved.  Reclaim  Your  Email.snd  Barracuda  Spam  Firewall  are  either 
trademarks  or  registered  trademarks  of  Barracuda  Networks.  Inc.  and/or  it  subsidiares  in  the  United  States  and/or  other  countries. 


Order  a  free  evaluation  unit  at 
www.barracudanetworks.com 


Aggressive  Reseller  Program 

POWERFUL  EASY  TO  USE  AFFORDABLE  Get  more  info  by  visiting  www.barracudanetworks.com/Cebit 

or  by  calling  1 -888-ANTI-SPAM  or  408-342-5400 


The  security  of  your  entir 
network  is  entirely  in  your  h, 

(Can  you  at  least  show  a  hint  of  panic?) 


When  you  need  to  upgrade  your  network  security,  it's  nice  to  know  you  can  count  on  CDW.  Our  account  managers 
and  product  specialists  can  get  you  quick  answers  to  questions.  And  with  fast  shipping  and  access  to  the  industry's 
largest  in-stock  inventories,  you  can  be  sure  to  get  the  security  solutions  you  need  when  you  need  them.  So  give 
us  a  call  and  find  out  first  hand  how  we  make  it  happen.  Every  order,  every  call,  every  time. 


The  Right  Technology.  Right  Away. 

CDW.com  •  800.399.4CDW 
In  Canada,  call  800.387.2173  •  CDW.ca 
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IBM  expanding  Workplace  realm 


The  lineup  card 

IBM’s  Workplace  is  not  only  the  name  for  a  next  generation  of  collaboration 
products  but  a  slew  of  other  technology  that  falls  under  its  banner. 


Workplace  offerings 

Description 

Corporate  Software 

IBM  Workplace  Collaboration 
Services 

All-in-one  collaboration  server  with  per-processor 
pricing. 

Lotus  Notes/Domino 

The  classic  Lotus  platform. 

WebSphere  Portal 

Classic  portal  and  key  companion  forWorkplace 
ClientTechnoiogy. 

WebSphere  Everyplace 

Tools  and  Technology 

Support  for  remote  and  wireless  access. 

Workplace  Client  Technology 

Framework  that  provides  interface  on  many  devices 
for  server-hosted  applications. 

Workplace  Builder 

A  template  editor  to  cutomize  preconfigured 
Workplace  applications. 

Workplace  Designer 

Just  introduced  Eclipse-based  development  tool 
similar  to  Domino  Designer, 

Lotus  Domino  Designer 

Provides  form,  views,  XML  and  Java  for  building 
collaborative  applications. 

SOURCE:  IBM/LOTUS 


■  BY  JOHN  FONTANA 

While  IBM/Lotus  has  assured  users 
that  Notes/Domino  has  a  future,  it  also 
has  made  it  clear  that  the  company’s 
Workplace  strategy  is  its  next-generation 
platform. 

Last  month  at  the  company’s  annual 
Lotusphere  conference,  Notes/Domino 
was  given  its  due,  which  included  a  road 
map  that  stretches  out  for  another  two 
upgrades  and  likely  beyond.  But  there  was 
no  doubt  that  the  ship  is  turning  toward 
Workplace,  which  is  both  a  company 
“vision”  of  the  future  and  the  brand  for  a 
growing  cache  of  products. 

Workplace  is  the  IBM  Software  Group’s 
Herculean  effort  to  marry  business  process 
automation  and  collaboration,  and  grow  its 
user  base  from  118  million  Notes/Domino 
faithful  to  more  than  200  million  Work¬ 
place  believers. 

But  what  the  company  has  to  do  now  is 


■  BEA  Systems  last  week  said  it 
plans  to  join  Eclipse  Foundation, 

the  open  source  tools  project  IBM 
backed.  BEA  joins  Eclipse  as  a  board 
member  and  strategic  developer  part¬ 
ner  —  a  commitment  that  will  cost 
the  vendor  about  $1.5  million  per  year 
in  code  and  development  man-hours. 
As  one  of  its  initial  Eclipse  responsibil¬ 
ities,  BEA  will  jointly  take  the  lead  on 
the  Web  Tools  Platform  project,  which 
will  creates  infrastructure  tools  to 
support  Java  2  Platform  Enterprise 
Edition  and  Web-enabled  application 
development.  BEA  also  announced 
the  next  version  of  its  own  WebLogic 
Workshop  integrated  development  en¬ 
vironment,  code-named  Daybreak, 
which  will  support  the  Eclipse  frame¬ 
work.  Eclipse  offers  a  royalty-free 
platform  for  integrating  software  de¬ 
velopment  tools.  Its  plug-in-based 
framework  is  designed  to  make  it  eas¬ 
ier  for  customers  to  create  and  use 
software  tools  in  multi-platform  and 
multi-vendor  environments.  Microsoft 
and  Sun  remain  the  most  prominent 
Eclipse  holdouts. 


clearly  define  what  Workplace  is  and  how 
companies  build  it,  experts  say 

At  Lotusphere,  the  focus  naturally  was 
from  the  Notes/Domino  angle  as  IBM  laid 
out  new  Workplace  software  upgrades,  de¬ 
velopment  tools  and  client  interfaces.  This 
was  all  done  with  an  emphasis  on  calming 
the  jitters  of  Notes/Domino  users  by  assur¬ 
ing  them  Notes/Domino  coexists  with 
Workplace. 

“Right  now  the  battle  for  Lotus  is  to  hold 
onto  its  install  base  and  try  to  get  them  ex¬ 
cited  about  Workplace,” says  Matt  Cain, sen¬ 
ior  vice  president  at  Meta  Group.“My  sense 
is  that  the  Notes/Domino  user  base  will  be 
unwilling  to  move  until  they  see  real  posi¬ 
tive  proof  that  they  will  not  lose  anything 
by  going  to  the  Workplace  platform.” 

Defining  Workplace 

First,  users  will  have  to  understand  that 
Workplace  is  broader  than  just  a  next-gen¬ 
eration  Notes/Domino. 

“Workplace  is  about  a  brand  we  are  try¬ 
ing  to  establish,  and  the  promise  of  the 
brand  is  transforming  the  way  people 
work,”  says  Akiba  Saeedi,  manager  for  IBM 
Workplace  collaboration  products.  “In 
order  to  fulfill  that  promise,  a  customer 
may  use  multiple  components  for  their 
environment.They  may  use  products,  solu¬ 
tions,  and  they  may  use  tools  and  technol¬ 
ogy  that  we  sell.”  (See  graphic.) 

On  one  hand,  Workplace  is  IBM’s  service- 
oriented  architecture  for  collaboration, 
which  is  a  dramatic  turn  from  nearly  two 
years  ago  when  the  company  introduced 
its  first  Workplace  component,  Workplace 
Messaging,  as  a  niche  product  to  provide 


■  BY  DENISE  DUBIE 

Customers  looking  to  automate  the  dis¬ 
covery,  collection  and  maintenance  of  con¬ 
figuration  data  across  their  application  in¬ 
frastructure  might  be  interested  in  a  new 
product  available  from  management  start¬ 
up  Tideway  Systems. 

Tideway,  launched  in  the  U.K.  in  2002 
and  headed  by  former  Orchestream  CEO 
Richard  Muirhead.last  week  made  its  U.S. 
debut  by  introducing  its  Foundation  prod- 
uct.The  Foundation  4.6  appliance  sits  in  a 
data  center  and  is  plugged  into  the  net¬ 
work,  from  where  it  discovers  application 
configurations  across  a  data  center  and 


simple  e-mail. 

Workplace  is  used  to  define  much  of  the 
technology  that  IBM  develops  for  so- 
called  information  or  knowledge  workers, 
which  include  servers  built  on  WebSphere 
such  as  Portal,  Collaboration  Services,  and 
Web  Content  Management.  It  also  in¬ 
cludes  Notes/Domino.  It  encompasses  de¬ 
velopment  tools,  application  components 
such  as  team  workspaces  and  presence, 
and  the  Workplace  Client  Technology  —  a 


maintains  a  database  of  blueprints,  and 
tracks  changes.  Foundation  uses  agent¬ 
less  collection  methods,  querying  servers 
and  other  devices  for  configuration  infor¬ 
mation. 

Tideway  executives  say  the  product, 
which  comes  as  an  appliance  pre-loaded 
with  the  company’s  proprietary  software, 
can  be  used  to  collect  data  and  serve  as  a 
configuration  management  database 
(CMDB)  for  large  enterprise  networks. 

U.S.  companies  and  vendors  started  pay¬ 
ing  closer  attention  to  the  benefits  of  a 
CMDB  last  year  as  the  Information  Tech¬ 
nology  Infrastructure  Library  (ITIL)  grew 
more  popular.  While  ITIL  already  had 


full-featured,  browser-based  client  built  on 
the  open  source  Eclipse  Framework. 

But  Workplace  also  is  a  generic  term 
used  to  sell  non-techies  on  the  business 
process  benefits  of  the  strategy  and  to 
frame  the  next  battlefront  with  Microsoft. 

At  Lotusphere,  IBM  held  a  conference 
within  a  conference  called  Workplace  For¬ 
um,  where  Workplace  was  sold  to  corpo¬ 
rate  executives  as  a  strategy  for  structuring 
See  Workplace,  page  30 


detailed  the  concept  of  a  centralized 
CMDB, vendors  had  yet  to  deliver  products. 
As  recently  as  last  month,  products  started 
to  emerge  from  management  heavy¬ 
weights  BMC  and  Computer  Associates, 
asset  management  software  makers  such 
as  Altiris  and  Peregrine  Systems, and  a  crop 
of  new  vendors  —  Collation,  mValent, 
Relicore  and  Troux  —  dedicated  solely  to 
tracking  application  configuration. 

“The  implementation  of  a  CMDB  is  at  t'  ■ 
core  of  configuration  management.’  . 
Jean-Pierre  Garbani.an  analyst  at  Fonestn 
Research.  A  CMDB  stores  details  of  the  v 
plication  and  infrastructure  compCi>e;’.! 

See  Tideway,  pagsa  2U 


Start-up  unveils  configuration  mgmt.  too f 
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www.nwfusion.com 

I  hope  by  now  ChoiceFbint  has  made 
enough  dumb  decisions  to  ensure  that 
we  get  some  useful  national  mandates 
that  require  reasonable  protection  for  data 
about  people.  Or  I  hope  we  at  least  get 
requirements  to  tell  us  when  some  com¬ 
pany  holding  such  information  screws  up. 

For  those  who  didn’t  see  the  news  cover¬ 
age,  ChoicePoint  recently  admitted  to 
being  struck  by  what  is  probably  the  big¬ 
gest  case  of  identity  theft  to  date.  Choice- 
Point  is  a  rapidly  growing  company  in  Al¬ 
pharetta,  Ga.,  that  offers  data-related  ser¬ 
vices  that  range  from  pre-employment 
screening  to  direct  marketing  support.  The 
company  says  its  databases  include  19  bil¬ 
lion  records  about  people,  their  activities 
and  histories. 


Dumber  decisions  -  safer  world? 


ChoiceFbint  recently  admitted  discover¬ 
ing  last  October  that,  for  at  least  a  year, 
more  than  50  fake  companies,  operating 
out  of  Kinko’s  stores,  had  full  access  to 
ChoiceFbint’s  data  and  apparently  made 
good  use  of  the  access.  For  a  company 
whose  registered  Web  site  motto  is  “Smarter 
Decisions  —  Safer  World,”  ChoicePoint  has 
made  some  rather  dumb  decisions  of  late. 

•  The  company’s  validation  procedures 
for  permitting  access  to  its  databases  was 
clearly  inadequate.  Maybe  the  company 
decided  that  it  was  too  expensive  to  do 
things  correctly  —  for  example,  by  visiting 
all  companies  before  granting  access? 

•  ChoiceFbint  didn’t  tell  any  of  the  peo¬ 
ple  whose  data  was  stolen  that  that  they 
were  at  risk  for  identity  theft  for  almost  five 
months.  The  company  said  it  was  the  cops 
who  didn’t  give  a  hoot  about  warning  peo¬ 
ple  that  their  good  names  were  in  eminent 
danger  and  told  ChoiceFbint  not  to  tell 
anyone.  Maybe,  but  ChoiceFbint’s  later 
actions  indicate  that  it  was  not  exactly 
eager  to  do  what  was  right. 


•  When  ChoiceFbint  finally  admitted  that 
something  had  happened,  the  company 
downplayed  it  and  said  that  the  only  peo¬ 
ple  who  were  at  risk  were  35,000  or  so  Cali¬ 
fornians.  Perhaps  not  coincidentally  Cali¬ 
fornia  by  law  is  the  only  state  where  people 
whose  private  information  is  exposed  by 
such  breaches  must  be  notified  (see 
www.nwfusion.com,  DocFinder:  6086). 

•  Only  after  considerable  pressure,  in¬ 
cluding  a  letter  from  38  state  attorneys  gen¬ 
eral  demanding  that  people  at  risk  in  their 
states  also  be  notified,  did  ChoiceFbint 
belatedly  say  it  would  send  letters  to 
1 10,000  additional  people.  (One  wonders  if 
the  attorneys  general  of  the  other  states 
think  that  identity  theft  is  OK.)  Since  that 
expansion,  there  have  been  news  reports 
that  the  number  of  people  whose  data  was 
accessed  might  exceed  500,000. 

•  ChoiceFbint  includes  information  that 
it  doesn’t  need  to  in  the  reports  it  provides 
—  such  as  a  Social  Security  number  in  its 
personal  property  and  personal  auto  re¬ 
ports  (samples  of  which  are  on  the  com? 


pany’s  Web  page). I  understand  the  compa¬ 
ny  might  want  to  include  the  ability  to  look 
someone  up  using  a  Social  Security  num¬ 
ber,  but  I  don’t  understand  why  it’s  needed 
in  a  report  —  same  for  date  of  birth  and  a 
number  of  other  fields  —  unless  the  outfit 
wants  to  facilitate  identity  theft. 

One  good  thing  might  come  out  of  this 
fiasco:  Maybe,  Congress  will  extend 
California’s  notice  requirement  nation¬ 
wide.  One  thing  that  should  happen  but 
will  not,  unless  some  Congress  critters  were 
in  the  exposed  population,  is  to  make  com¬ 
panies  like  ChoiceFbint  pay  for  any  dam¬ 
age  done  by  such  lax  processes. 

Maybe  ChoiceFbint’s  dumb  decisions 
will  wind  up  making  this  a  safer  world. 

Disclaimer:  Historians  have  said  (and  will 
say)  if  Harvard  makes  dumb  decisions.  But 
the  above  exploration  and  hope  is  mine, 
not  the  university’s. 

Bradner  is  a  consultant  with  Howard 
University's  University  Information  Systems. 
He  can  be  reached  at  sob@sobco.com 


Workplace 

continued  from  page  29 

business-process  execution. 

Overall,  IBM  is  upping  the  ante  with  Work¬ 
place  in  its  long  battle  with  rival  Microsoft. 
Between  the  two,  the  contest  is  no  longer  to 
see  who  can  hook  the  most  groupware  cus¬ 
tomers  but  is  shifting  to  a  battle  over  the 
desktop  client,  application  developers,  pro¬ 
gramming  languages  and  the  next  genera¬ 
tion  of  collaboration  components  such  as 
presence. 

“When  IBM  tries  to  paint  the  larger  um¬ 
brella  term  of  Workplace,  there  is  a  whole 
slew  of  things  it  could  be,”  says  Mike  Gotta, 
senior  vice  president  and  principal  at  Meta 
Group.  “It  could  be  business-level  consult¬ 
ing,  process  modeling,  workflow  analysis. 
Where  does  collaboration  and  content 
learning  fit  into  that  context  of  getting  a 
particular  series  of  tasks  done?”  In  the  end, 
the  questions  become  what  constitute 
Workplace:  Is  it  one  set  of  technologies,  or 
is  it  any  one  of  multiple  combinations  of 
technologies?  How  much  of  it  comes  from 
IBM,  from  IBM’s  partners  and  what  ability 
exists  to  substitute  other  vendor’s  products? 

“Those  are  the  things  that  IBM  still  needs 
to  make  more  clear/’  he  says. 

The  Collaboration  direction 

IBM  is  first  starting  to  build  that  under¬ 
standing  from  the  Notes/Domino  angle. 

Last  month,  the  company  announced 
Workplace  Collaboration  Services  2.5,  a 
Java  2  Platform  Enterprise  Edition-based 
collaboration  platform  for  running  pre¬ 
built,  reusable  collaboration  services,  in¬ 
cluding  e-mail  and  instant  messaging.  It 
includes  the  first  pass  at  Workplace’s  inter¬ 
face  of  the  future,  Activity  Explorer,  where 
users  can  group  e-mail,  chats  and  docu¬ 
ments,  and  see  activity  on  those  objects 
using  integrated  presence  capabilities. 


“They  now  have  better  alignment  and 
synergy  between  Workplace  and  Notes/ 
Domino  and  a  much  more  credible  story/’ 
says  Fbter  O’Kelly  an  analyst  at  Burton 
Group. 

IBM  also  unveiled  Workplace  Designer,  a 
rapid  application  development  tool, similar 
to  Domino  Designer,  and  a  critical  transi¬ 
tion  tool  for  Notes/Domino  developers. 
And  the  company  announced  a  Notes  7 
client  plug-in  for  the  Workplace  Client 
Technology  a  framework  built  on  Eclipse 
and  Java  that  eventually  will  include  the 
Notes  8  client. 

The  platform  was  enough  to  attract  San 
Francisco  State  University  (SFSU),  which 
signed  a  $2.3  million  contract  with  IBM  ear¬ 
lier  this  month  to  acquire  Workplace  Col¬ 
laboration  Services  2.5  and  secure  IBM 
consulting  services  to  roll  it  out  over  the 
next  three  years. 

The  school  plans  to  provide  what 
amounts  to  an  electronic  classroom.  Work¬ 
place  will  provide  pre-populated  calendars 
with  a  student’s  classes  and  assignments; 
provide  access  to  a  class  management  sys¬ 
tem  and  library  search  services;  and  let  stu¬ 
dents  submit  work  online. 

“We  really  feel  that  IBM  got  it  right  with 
Workplace.  Their  vision  is  insightful,”  says 
Jonathan  Rood,  associate  vice  president  for 
IT  at  SFSU.  Rood  says  he  is  so  convinced 
IBM  is  on  to  something  that  the  university 
actually  will  first  replace  its  mishmash  of 
e-mail  systems  with  Notes/Domino  and 
then  start  another  upgrade  to  roll  out 
Workplace. 

“Because  we  wanted  this  so  much,  we 
were  willing  to  go  through  this  extra  step 
to  get  where  we  want  to  go.  That  is  very 
unusual,  but  for  our  environment  and  our 
needs  in  dealing  with  40,000  users, 
Workplace  was  the  right  fit.  Microsoft  did¬ 
n’t  offer  all  the  aspects  that  we  wanted,”  he 
says. 


The  competition 

However,  Microsoft  remains  IBM’s  chief 
competitor.  Workplace  is  about  battling  a 
long-time  collaboration  foe  on  a  number  of 
levels  that  include  development  tools,  run¬ 
time  environments,  collaboration  compo¬ 
nents  and  business-process  integration. 

IBM  uses  its  Workplace  Designer,  Eclipse 
framework  and  Workplace  Client  Technolo¬ 
gy  to  counter  Microsoft’s  Visual  Studio  and 
.Net  Framework  to  supply  users  with  multi¬ 
language  development  tools  and  rich  desk¬ 
top  client  capabilities  beyond  a  browser. 

While  IBM  wraps  its  collaboration  plat¬ 
form  into  one  brand  called  Workplace  and 
a  cross-platform  strategy,  including  last 
week’s  announcement  of  a  $100  million 
investment  in  development  work  on  Linux, 
Microsoft  uses  multiple  products  such  as 
Exchange,  Office,  ShareFbint,  Live  Com¬ 
munication  Server  and  Live  Meeting  to 
define  its  Windows-centric  platform. 


Tideway 

continued  from  page  29 

elements  that  “an  organization  uses  to  pro¬ 
vide  and  manage  its  rT  services,”  he  says. 

New  to  Tideway’s  latest  release  is  the  abil¬ 
ity  to  model  business  applications  based 
on  software  configurations  and  the  data 
center  components  applications  touch. 
The  product  also  has  enhanced  version 
identification  for  software  packages  such 
as  Solaris  and  Sybase.  Previous  versions 
performed  an  auto-discovery  and  main¬ 
tained  a  database. 

For  Stephen  Ashton,  automating  the  col¬ 
lection  of  configuration  data  and  being 
able  to  maintain  one  CMDB  (down  from 
more  than  20  separate  databases)  was  key 
to  his  organization.The  director  of  global  IT 
business  management  for  Dresdner 
Kieinwort  Wasserstein,  a  global  investment 


“We  have  been  competing  with  IBM  in 
this  space  for  a  long  time,  and  now  they  are 
suggesting  customers  should  use  Work¬ 
place,”  says  Dan  Leach,  group  product  man¬ 
ager  for  the  Microsoft  Office  System.  “We 
think  the  Workplace  approach  minimizes 
the  value  of  the  smart  client  that  is  already 
available  with  Office  and  masks  the  com¬ 
plexity  of  their  server-dependent  approach 
that  includes  costly  contracts  with  IBM 
Global  Services.”  Those  comments  fore¬ 
shadow  another  fierce  battle  between  these 
two,  a  battle  some  say  IBM  already  leads. 

“Microsoft  previously  has  said  that  user 
productivity  would  be  a  much  tougher  nut 
to  crack  in  the  future  and  would  not  be 
about  just  throwing  desktop  tools  out 
there,”  Meta’s  Gotta  says.  “It  all  has  to  work 
together  and  the  point  is  business  process.” 

Gotta  says  IBM  has  a  more  cohesive  story 
on  that  front,  but  that  it  still  has  a  lot  of  work 
to  do  to  pull  it  off.H 


bank  in  London,  says  he  looked  for  a  prod¬ 
uct  when  the  bank  expanded  its  reach  to 
the  U.S.  and  regulations  such  as  Sarbanes- 
Oxley  demanded  he  keep  accurate 
accounts  of  configurations. 

Foundation  automates  the  collection  and 
maintenance  of  the  CMDB,  which  Ashton 
says  helps  his  staff  stay  on  top  of  configu¬ 
ration  changes  that  could  affect  applica¬ 
tion  performance.  He  says  he  hopes 
Foundation  will  help  his  staff  determine 
utilization  and  plan  for  capacity  based  on 
the  data. 

With  more  than  6,000  documented 
changes  per  year,  Ashton  says  automation 
is  the  only  way  to  attain  the  speed  and  seal- 
ability  to  handle  the  complexity  of  change 
in  the  organization’s  environment. 

Tideway’s  Foundation  4.6  starts  at 
$100,000  and  is  priced  depending  on  cus¬ 
tomer  networks.  ■ 
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MCI  beefs  up  traffic  prioritization 


MCI  adds  two  classes  of  service 

Priority  and  transactional  categories  augment  three  exisiting  options. 

Class 

Forwarding  priority 

Apps  that  typically  apply 

Real  time 

Highest 

Voice 

Priority  data 

2nd-highest 

Video,  SAP,  Siebel 

Mission-critical 

3rd-highest 

Point-of-sale,  Citrix 

Transactional  data 

4th-highest 

Telnet,  extranet,  general  data 

Default 

(The  classes  in  blue  are  new.) 

lowest 

FTP,  e-mail 

■  DirecTV  inked  a  three-year,  $69  mil¬ 
lion  contract  with  AT&T  last  week, 
DirecTV  has  been  an  AT&T  customer 
for  10  years.  The  contract  will  support 
new  IP-based  technologies  such  as 
VoIP  throughout  the  satellite  television 
service  company  including  its  cus¬ 
tomer  service  call  centers,  DirecTV 
uses  AT &T’s  voice  services  to  support 
its  customer  service  operation  and 
AT &T  data  services  to  support  its 
enterprise  network.  DirecTV  also 
uses  AT &T’s  BusinessDirect  cus¬ 
tomer  portal  to  access  real-time  net¬ 
work  performance  reports,  request 
trouble  tickets,  and  troubleshoot  and 
resolve  network-related  issues. 

■  Qwest  last  week  said  it  has  been 
cleared  to  bid  on  U.S.  government 
contracts  after  completion  of  a  two- 
and-a-half-year  review  by  the  General 
Services  Administration.  The  GSA 
took  into  account,  among  other  things, 
significant  changes  in  company  man¬ 
agement  and  the  company's  ethics 
program,  Qwest  says.  During  the  re¬ 
view  period,  Qwest  continued  to  win 
contracts  from  federal  entities  includ¬ 
ing  the  U.S.  Mint  and  Air  Force  bases. 
Qwest  provides  communications  ser¬ 
vices  for  the  Department  of  the 
Treasury,  National  Institutes  of 
Health,  Department  of  Labor, 
Department  of  Energy,  Internal 
Revenue  Service  and  even  the  GSA. 

■Akamai  Technologies  and  Mac¬ 
romedia  Flash  are  teaming  to  give 
end  users  a  quick,  secure  way  to 
speed  the  delivery  of  Flash  video  to 
desktops.  The  companies  last  week 
announced  the  immediate  availability 
of  Akamai  Streaming  for  use  with 
Macromedia  Flash.  Executives  say  the 
service  will  eliminate  the  need  to  de¬ 
ploy  video  on-demand  applications 
across  multiple  browsers  and  plat¬ 
forms  because  users  will  be  able  to 
instantly  view  video  using  Flash  Player. 
Content  providers  upload  media  such 
as  movies,  product  demonstrations, 
corporate  announcements  and  sales 
training  to  Akamai's  EdgePlatform, 
where  it  is  stored  and  delivered  on 
demand.  Pricing  depends  on  use. 


■  BY  DENISE  PAPPALARDO 

MCI  Private  IP  customers  now  can  set 
more  specific  traffic  prioritization  over 
their  Multi-protocol  Label  Switching-based 
VPNs,  while  also  getting  a  better  view  into 
end-to-end  performance  with  new  moni¬ 
toring  tools. 

MCI  has  added  two  classes  of  service 
(CoS)  to  its  Private  IP  service,  which  brings 
the  number  of  levels  from  three  to  five. 
Within  MCI’s  priority  data,  mission-critical 
and  transactional  data  classes  (see  graph¬ 
ic,  right)  customers  can  set  additional  pri¬ 
ority  levels  for  a  total  of  eight  levels. 

MCI  supports  prioritization  across  its  net¬ 
work  using  the  IETF’s  Differentiated 
Services  specification  and  class-based 
weighted  fair  queuing. 

“We  don’t  expect  too  many  users  to  take 
advantage  of  all  eight  priority  levels,”  says 
Mike  Marcellin,  senior  director  of  VPN  and 
data  marketing  at  MCI.  But  the  company 
anticipates  more  users  will  become  inter¬ 
ested  in  further  prioritization  within  a  few 
years  as  they  add  more  applications. 

Analysts  agree  that  most  customers  will 
not  opt  to  use  eight  priority  levels,  and  only 
a  handful  will  use  all  five  classes. 

“Three  classes  of  service  is  the  bare  mini¬ 
mum,  and  four  or  five  classes  is  nice.  Eight 
is  not  all  that  important  to  businesses,”  says 
Brian  Washburn,  a  senior  analyst  at  Current 
Analysis. 


■  BY  DENISE  PAPPALARDO 

If  you’re  unfamiliar  with  the  Enterprise 
Networking  Technologies  Users  Associ¬ 
ation,  the  current  state  of  upheaval  in  the 
telecom  industry  might  present  reason 
enough  to  check  it  out. 

ENTUA  is  one  of  the  most  active  user 
groups  for  enterprise  customers,  with  125 
members  from  55  companies  working  to 
broaden  access  to  network  carriers, 
champion  member  interests,  and  drive 
product  and  application  development. 

Considering  the  turbulent  nature  of  the 
telecom  industry  with  SBC’s  planned  $16 
billion  acquisition  of  AT&T  and  Verizon’s 
planned  $6.7  billion  acquisition  of  MCI, 
an  advocacy  group  on  your  side  might 


Robert  Whiteley,  an  analyst  at  Forrester 
Research,  agrees  but  sees  some  users 
looking  for  more  detailed  capabilities  in 
the  future. 

“Many  enterprises  are  not  yet  advanced 
enough  in  their  MPLS  deployments  to 
carve  their  traffic  into  four  or  five  differ¬ 
ent  classes,”  Whiteley  says.  “However, 
many  enterprises  do  see  it  as  a  future 
requirement.” 

MCI  leads  competitors  in  terms  of  num¬ 
ber  of  classes,  but  some  analysts  don’t  see 
that  as  a  significant  differentiator. 

“Both  Sprint  and  AT&T  offer  competitive 
MPLS-based  VPN  offerings  like  MCI’s,” 
Whiteley  says. 

AT&T’s  service  is  called  Network-based 
VPN  and  has  four  levels  of  CoS  available. 
Sprint’s  service,  MPLS  VPN,  also  offers 
four  CoSs. 

MCI  also  is  making  monitoring  tools 


pay  dividends. 

Last  year,  ENTUA,  which  was  formed  in 
1997  from  two  separate  AT&T  user  groups, 
broadened  its  focus  beyond  an  AT&T-only 
user  organization.  An  AT&T  representative 
sat  on  the  group’s  board  up  until  mid- 
December. 

At  that  time,  the  group’s  members  voted 
to  let  other  carriers  participate.  With  so 
many  companies  using  multiple  pro¬ 
viders,  ENTUA  says  it  made  sense  to 
expand  the  group’s  reach  beyond  AT&T. 

To  better  address  member  needs  and 
goals,  the  group  also  restructured  its  com¬ 
mittees,  says  Jay  Shell,  vice  president  of 
committees  at  ENTUA  and  a  member  of 
the  technical  staff  at  Flagstar  Bank  in  Troy, 
See  ENTUA,  page  34 


from  Concord  Communications  available 
to  all  of  its  Private  IP  customers.  In  the 
past,  it  only  offered  the  tools  to  Managed 
Private  IP  service  customers. 

MCI  is  offering  four  monitoring  tool 
packages  ranging  from  its  Basic  package 
with  weekly  network  performance 
reports,  which  is  available  at  no  addition¬ 
al  charge,  to  near  real-time  prioritization 
monitoring  with  information  that’s  less 
than  5  minutes  old. 

“These  tools  are  often  the  only  portal 
an  enterprise  has  to  determine  that  the 
VPN,  or  other  MCI  service,  is  meeting 
[service-level  agreement]  requirements,” 
Whiteley  says. 

The  carrier’s  Private  IP  Standard  Select 
Reporting  includes  on-demand  network 
trend  reports  in  addition  to  weekly 
reports  that  are  included  in  the  basic 
package. This  package  is  available  for  $20 
per  month,  per  site. 

Private  IP  ETM  Reporting  includes  the 
Standard  Select  package  plus  CoS  perfor¬ 
mance  monitoring. This  is  available  for  $40 
per  month,  per  site. 

MCI’s  Private  IP  ETM  Select  Reporting 
includes  the  above  package  plus  near-real- 
time  performance  traffic  prioritization 
reporting.  The  package  also  includes  a 
complete  customer  network  status  map. 
The  package  is  available  for  $55  per 
month,  per  site. 

“These  tools  are  great  stuff,”  Washburn 
says.“It’s  a  nice,  cheap  way  to  get  great  ‘eye- 
candy’  that  some  users  need  to  show  man¬ 
agement  what’s  going  on  in  the  network.” 

Washburn  says  the  Concord  tools  are  less 
expensive  than  going  with  a  Visual 
Networks’  set-up  where  a  DSL7CSU  is 
required  at  every  site.  But  he  also  says  users 
are  limited  to  only  seeing  at  the  SNMP 
layer.Visual  lets  users  see  down  to  the  trans¬ 
mission  level. 

MCI  says  it  will  launch  a  LAN  analysis 
reporting  tool  in  April  based  on  software 
from  Centrisoft.  ■ 
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EYE  ON  THE 
CARRIERS 

Johna  Till 
Johnson 


Life’s  tough  for  telecom  managers. 
They’re  caught  in  an  epic  Catch-22: 
Carriers  consistently  screw  up  ser¬ 
vices  and  billing,  and  then  deny  the  prob¬ 
lem  and  refuse  to  remediate. The  only  real 
recourse  is  to  switch  to  another  telco  — 
which  will  do  the  exact  same  thing,  sooner 
or  later.  Are  we  crazy  yet.Yossarian? 

Here’s  a  typical  case  from  a  reader:  “I’ve 
recently  switched  my  T-l  voice  service 
to  Paetec  Communications.  Since  the 
change  in  early  December,  I’ve  had  a  lot  of 
misdirected  and  dropped  outgoing  calls, 
and  some  incoming  calls  being  routed  to 
the  strangest  busy  signal  I’ve  ever  heard.  My 
carrier  swears  their  line  is  fine  and  will  do 


The  carrier  Catch-22 ...  and  how  best  to  cope 


no  more.  What  do  I  do?” 

Or  another:  A  reader  complains  that  his 
carrier  (Sprint  in  this  case)  had  over¬ 
charged  him  to  the  order  of  $60,000  per 
year.  When  faced  with  convincing  proof  of 
the  overcharge,  Sprint  graciously  con¬ 
ceded  —  that  it  owed  a  little  more  than 
$  1 ,000.  Gee,  thanks,  guys. 

And  please  don’t  get  the  wrong  idea  that 
anyone  else  is  off  the  hook  just  because 
I’ve  singled  out  Paetec  and  Sprint.  There 
was  the  time  MCI’s  frame  relay  network  cor¬ 
rupted  a  client’s  frame  relay  packets,  and 
MCI  tried  to  say  it  wasn’t  at  fault  because 
“we  only  promise  to  deliver  the  packets  — 
we  make  no  guarantees  about  the  condi¬ 
tion  they’re  in  when  they  get  there.”  (I  real¬ 
ly  am  not  making  this  up.) 

My  all-time  favorite  carrier  crisis  involved 
the  inability  to  connect  a  single  interna¬ 
tional  circuit,  despite  multiple  conference 
calls  involving  senior  executives  at  all  the 
company’s  carriers,  which  if  memory 


serves  included  AT&T, Verizon  and  a  brace 
of  European  PTTs.  And  space  constraints 
are  the  only  reason  to  leave  out  stories 
about  SBC,  BellSouth,  Qwest,  et.  al. 

You  get  the  idea.  Whoever  your  carrier  is, 
they  probably  screw  up  on  a  regular  basis 
(if  not,  write  and  let  me  know  —  Network 
World  readers  are  dying  to  hear  from  you). 

The  only  saving  grace  is  that  regardless  of 
the  specifics  of  the  problem,  the  solution’s 
usually  the  same.  It’s  by  no  means  perfect, 
but  if  your  carrier  chronically  screws  up,  do 
the  following: 

•  Document  the  heck  out  of  the  problem. 
Every  time  it  happens,  send  a  letter  to  the 
provider  (and  keep  a  copy).  It  won’t  make 
the  problem  any  better,  but  it  will  provide 
ammunition  if  you  want  to  terminate  your 
contract  early  without  penalty 

•  While  the  FCC  is  unlikely  to  be  of  much 
help  (they’re  too  busy  cracking  down  on 
wardrobe  malfunctions),  provide  them 
and  the  local  public  utility  commission 


with  detailed  documentation  and  request 
to  lodge  a  complaint. 

•  Consider  switching  to  another  carrier. 
Issue  an  RFP  to  as  many  providers  as  pos¬ 
sible,  request  detailed  service-level  agree¬ 
ments  —  and  be  sure  to  include  an  “out 
clause”  permitting  you  to  terminate  the 
contract  without  penalty  for  documented 
non-performance,  which  means  you’ll  have 
to  be  prepared  to  benchmark  performance 
(see  above). 

And  keep  your  chin  up  —  even  Yossarian 
finally  made  it  out  OK. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 
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Spim  arrest  spotlights  growing  problem 

New  York  teen  charged  with  CAN-SPAM  violations,  attempted  extortion. 


■  BY  PAUL  ROBERTS 

A  New  York  man  has  been  arrested  and 
charged  with  sending  out  unsolicited 
instant  messages,  marking  the  first  known 
case  of  criminal  action  taken  against 
someone  accused  of  sending  “spim,”  or 
instant-message  spam. 


ENTUA 

continued  from  page  31 

Mich.  The  group  now  has  three  active 
committees  that  are  concentrating  on 
education,  customer  network,  and  govern¬ 
ment  and  regulatory  issues. 

The  first  committee  is  working  on  offer¬ 
ing  members  opportunities  to  learn  about 
new  technologies.  Some  of  these  efforts 
are  in  the  form  of  Webcasts  and  are  host¬ 
ed  by  vendors. 

The  customer  network  committee  is  set 
up  to  focus  on  technology  evolution.This 
group  is  charged  with  engaging  network 
carriers  to  find  out  where  they  are  with 
certain  technologies. 

The  third  committee  is  focusing  on  how 
regulation  affects  services  and  the  carri¬ 
ers.  For  example,  the  group  is  trying  to 
inform  members  of  how  telecom  tax 
issues  affect  companies,  letting  users  take 
an  informed  position, Shell  says. 

ENTUA  is  also  in  the  process  of  reviving 
its  Listserv  discussion  board.  Members 
will  be  able  to  use  this  as  a  means  to 
exchange  information.  For  example,  if  one 
member  is  about  to  deploy  a  Cisco  Call 
Manager  he  can  ping  the  group  and  get 
firsthand  feedback  from  users  who  have 
already  deployed  the  product. 

In  the  past,  the  group  used  to  meet  in 


Anthony  Greco  of  Cheektowaga,  N.Y, 
was  arrested  at  Los  Angeles  International 
Airport  on  Feb.  16  and  charged  with  vio¬ 
lating  the  federal  CAN-SPAM  Act,  after  the 
18-year-oid  allegedly  sent  more  than  1.5 
million  IMs  advertising  mortgage  refi¬ 
nancing  services  and  pornography  to 
users  of  MySpace.com’s  IM  service, 


User  group  power 

The  Enterprise  Networking 
Technologies  Users  Association 
represents  members’  concerns 
to  service  providers.  The  group 
includes: 

• 

Bally  Total  Fitness 

• 

Barclays  Global  Investors 

• 

Coca-Cola  Enterprises 

• 

First  Health 

e 

Ford  Motor  Company 

• 

J.C.  Penney 

• 

Lockheed  Martin 

• 

McDonald’s 

• 

Southwest  Airlines 

• 

The  Hartford 

• 

United  Parcel  Service 

• 

Weber  State  University 

person  regularly  but  since  the  Sept.  1 1  ter¬ 
rorist  attacks,  ENTUA  has  resorted  to  more 
Webcasts  and  virtual  meetings,  Shell  says. 
However,  ENTUA  is  in  the  process  of  work¬ 
ing  with  some  conferences  to  collocate 
meetings  where  many  members  already 
might  be  traveling.* 


according  to  a  statement  released  by  U.S. 
Attorney  Debra  Yang. 

The  news  comes  on  the  heels  of  a  new 
survey  from  Pfew  Internet  &  American  Life 
Project  that  reports  that  approximately  17 
million  users  have  received  spim.The  Pew 
telephone  survey  of  2,200  U.S.  adults  esti¬ 
mated  that  42%  of  the  country’s  134  mil¬ 
lion  online  adults  use  IM. 

In  fact,  real  numbers  on  IM  use  in  the  U.S. 
might  be  much  higher,  given  that  data  on 
the  most-avid  IM  users  —  those  younger 
than  the  age  of  18  —  was  not  part  of  the 
survey  says  Lee  Rainie,  director  of  the  Pew 
Internet  &  American  Life  Project. 

It  is  too  early  to  tell  if  spim  will  become 
as  big  a  problem  as  its  e-mail  cousin, 
spam.  However,  IM  is  an  important  part  of 
many  Internet  users’  lives,  and  marketers 
likely  will  figure  out  a  way  to  use  it  and 
get  information  and  sales  pitches  to  con¬ 
sumers,  Rainie  says. 

“This  is  a  target-rich  environment  that  all 
sorts  of  actors  will  figure  out  how  to 
exploit  as  the  months  and  years  unfold,” 
he  says. 

In  the  U.S.  Attorney’s  case,  authorities 
allege  that,  starting  in  October  2004, 
Greco  fraudulently  created  thousands  of 
accounts  at  MySpace,  an  online  commu¬ 
nity  in  which  members  can  write  blogs, 
share  pictures  and  send  instant  messages. 
Greco  sent  spim  messages  from  the 
accounts,  according  to  the  U.S.  Attorney’s 
statement. 

The  man  allegedly  contacted  MySpace. 
com  and  demanded  that  he  be  given 
exclusive  rights  to  send  commercial 
e-mail  to  MySpace.com  users.  When 
MySpace.com  did  not  respond,  he  threat¬ 
ened  to  share  his  technique  for  sending 
spim  messages  to  MySpace.com  users 


with  the  spamming  community  and 
“open  a  Pandora’s  box  of  Spam”  on 
MySpace’s  network,  the  statement  said. 

The  U.S.  Secret  Service  and  Los  Angeles 
Police  Department’s  Electronic  Crimes 
Task  Force  investigated  the  case. 

Prosecutors  are  charging  Greco  with 
threatening  to  cause  damage  to 
MySpace.com’s  computers  and  with 
intent  to  extort,  in  addition  to  the  CAN- 
SPAM  Act  violations.  He  faces  a  maximum 
penalty  of  18  years  in  federal  prison  if 
convicted  on  all  three  offenses,  the  U.S. 
Attorney’s  statement  said. 

Greco’s  case  might  be  the  first  criminal 
case  brought  against  a  spimmer,  but  it  is 
not  the  first  spim  case  to  make  it  to  the 
courts.  Last  October,  AOL  filed  suit  against 
20  “John  Does”  in  a  case  that  alleged  vio¬ 
lations  of  the  CAN-SPAM  Act  for  sending 
bulk  IM  solicitations  over  AOL’s  Instant 
Messenger  network. 

Roberts  is  a  correspondent  with  the  IDG 
News  Service. 


More  online! 


Listen  to  highlights  from  Mark  Gibbs'  keynote 
presentation  on  strategies  for  creating  a  messaging 
environment  that  ensures  network  integrity, 
user  productivity  and  returns  power  and  control  to 
enterprise  network  managers. 
DocFinder:  1543 
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Software  streaming  revamps  desktop 


HOW  IT  WORKS 


Software  streaming 

Software  streaming  eases  distribution  and 
management  by  streaming  operating  system  and 
application  files  to  a  desktop  from  a  central  server 
when  the  PC  is  booted  up  or  any  applications  or 
libraries  are  loaded. 

Network  _ 

/ 


Client 


□n 


TFTP  server 


DHCP  server 


Software 
streaming  server 
running  operating 
system  and 
application  image 


O  Rather  than  relying  on  the  local  hard  drive  for  the  operating  system,  preboot  execution  environment  (PXE) 
firmware  looks  to  the  network  for  operating  system  and  application  files. 

©  A  DHCP  server  provides  the  location  of  a  software  streaming  bootstrap.  The  Trivial  FTP  server  delivers  the 
location  to  the  PC.  PXE  executes  the  bootstrap. 

©  The  bootstrap  emulates  the  hard  drive  by  redirecting  Interrupt  13  interrupts  over  the  network  to  the  I/O  service. 
The  streaming  server  delivers  all  needed  operating  system  and  application  files  to  the  PC,  but  otherwise  all 
Windows  operating  system  and  programs  run  unaltered  on  the  PC. 


■  BY  JEFFREY  HIBBARD 

The  long-elusive  Holy  Grail  of  desktop 
computing  has  been  the  ability  to  provide 
IT  management  with  the  centralized  con¬ 
trol  it  needs  to  improve  security  and  drive 
down  technology  costs  without  compro¬ 
mising  speed,  functionality  or  dependabili¬ 
ty  Efforts  to  date  —  notably  thin-client 
approaches  —  have  fallen  short. 

Software  streaming  capitalizes  on  net¬ 
work  advances  to  dramatically  improve 
software  distribution  and  desktop  manage¬ 
ment.  By  centralizing  control  of  operating 
systems  and  applications,  software  stream¬ 
ing  slashes  management  and  support  costs 
while  providing  users  with  systems  that  are 
fast,  flexible  and  dependable. 

From  a  conceptual  standpoint,  software 
streaming  is  similar  to  audio  streaming. 
With  audio  streaming,  songs  are  main¬ 
tained  on  a  central  server  and  streamed 
on-demand  to  a  client  PC.  Software 
streaming  behaves  similarly  but,  remark¬ 
ably,  applications  and  necessary  elements 
of  operating  system  software  are  streamed 
to  a  desktop  from  a  central  server  when  a 
PC  is  booted  up  and  when  any  applica¬ 
tions  or  libraries  are  loaded.While  the  size 
of  an  operating  system  image  might 
exceed  1G  byte,  only  a  fraction  of  that 
(less  than  100M  bytes)  is  in  a  desktop 
computer’s  memory  at  any  given  time. 
With  software  streaming  all  programs  run 
locally  on  a  desktop  PC,  enabling  much 
greater  productivity  than  what  can  be 
achieved  with  a  thin  client. 

As  with  audio  streaming,  a  desktop  PC 
can  choose  from  a  variety  of  “golden 
images, "which  contain  different  versions  of 
the  operating  system  or  are  configured 
with  different  software.  Any  image  can  be 


streamed  on-demand,  and  all  that  is  re¬ 
quired  is  a  simple  reboot  to  so  do. 

This  breakthrough  can  be  achieved  only 
if  desktops  can  boot  from  the  network  and 
do  not  need  their  operating  systems  stored 
on  a  locally  attached  bootable  media  — 
that  is,  no  hard  drive  or  compact  flash  are 
required  to  boot  the  computer.  Wth  soft¬ 
ware  streaming,  a  desktop  utilizes  preboot 
execution  environment  (PXE)  firmware, 
which  is  standard  as  part  of  the  BIOS  or  the 
option  ROM  on  the  network  interface  card. 

Software  streaming  provides  a  diskless, 
software-only  solution  that  is  transparent  to 
clients. Windows  applications  and  Windows 


device  drivers  run  unaltered  on  desktop 
PCs.  There  are  no  hardware  requirements 
beyond  those  required  by  Windows  and  a 
PXE-enabled  network  adapter. 

Because  software  streaming  is  often  mis¬ 
understood,  it  is  important  to  reiterate  that 
an  operating  system  is  not  downloaded  to 
each  desktop,  but  rather  the  software¬ 
streaming  service  sends  only  the  files  nec¬ 
essary  for  each  desktop  to  start  using  the 
operating  system  and  desired  application. 

The  key  benefits  of  software  streaming 
include: 

•  It  lets  IT  ensure  that  all  data  and  appli¬ 
cations  are  controlled  centrally  to  provide 


the  best  business  continuity  and  security 

•  It  helps  end  users  eliminate  viruses, spy- 
ware  and  adware  simply  by  rebooting. 

•  It  lets  end  users  run  programs  locally, 
achieving  the  best  possible  performance. 

There  are  four  critical  elements  required 
to  support  a  streaming  scenario:  a  commu¬ 
nication  mechanism,  logon  services,  I/O 
services  and  administration. 

The  communication  mechanism  with 
client  desktops  includes  PXE,  which  uses 
the  DHCP  and  Trivial  FTP  standards  to  de¬ 
liver  an  IP  address  and  bootstrap  from  net¬ 
work  servers  to  a  client.  Afterwards,  PXE 
executes  the  bootstrap. 

The  bootstrap  has  been  configured  with 
the  IP  address  of  a  logon  service,  which 
authenticates  a  desktop  media  access  con¬ 
trol  address  and  establishes  a  handle  to  an 
I/O  service.  The  bootstrap  also  emulates  a 
hard  drive  by  redirecting  Interrupt  13  inter¬ 
rupts  —  necessary  for  hard  disk  reads  and 
writes  —  over  a  network  to  the  I/O  service 
rather  than  to  a  local  hard  drive.  (Interrupt 
13  is  the  software  interrupt  for  disk  I/O 
used  by  Microsoft.) 

The  I/O  service  plays  the  role  of  a  net¬ 
work  drive  and  handles  caching  on  a 
client  or  server. This  doesn’t  create  signifi¬ 
cant  network  traffic  and  latency  because 
the  cache  is  not  large  and  because  soft¬ 
ware  streaming  pre-fetches  and  uses 
other  cache  techniques. 

The  PC  functions  and  executes  as  if  the 
drive  were  local  and  is  not  aware  that  the 
necessary  operating  system  files  are  being 
streamed  on-demand  by  using  a  block-ori¬ 
ented  protocol. 

Hibbard  is  vice  president  of  marketing  for 
Ardence.  He  can  be  reached  at  jhibbard@ 
ardence.com. 


Dr.  Internet 


By  Steve  Blass 


We  are  considering  setting  our  Windows  clients 
(2000  and  XP)  to  open  a  virtual  session  to  a  serv¬ 
er  where  all  applications  are  loaded.  The  clients 
would  boot  up  using  a  local  operating  system  and 
then  access  applications  by  opening  a  session  to 
the  server.  Software  upgrades  would  only  be  per 
formed  on  the  server.  Is  this  a  good  idea? 


The  biggest  problems  are  application  network 
awareness  and  network  latency.  Running  applica¬ 


tions  from  a  network  server  requires  network- 
aware  applications.  Another  approach  is  to  use  ter¬ 
minal  services,  which  let  you  use  workstations  like 
dumb  terminals  and  run  everything  on  the  server, 
but  you  need  a  server  for  every  10  to  20  simultane¬ 
ous  users,  maybe  50  for  low-intensity  applications. 
Licensing  can  be  expensive.  I  would  look  at  Group 
Policy  Objects  implementations,  which  could  man¬ 
age  client  update  controls  through  Windows  Up¬ 
date  Services  rather  than  relying  on  server  horse¬ 


power  and  WAN  connectivity  into  business-critical 
applications.  You  want  to  position  people  to  keep 
working  when  the  network  is  down.  The  Internet  is 
unreliable.  For  some  applications,  it  seems  a  waste 
not  to  leverage  automatic  update  services  and  the 
PC  horsepower  available  on  the  desktop. 

Blass  is  a  network  architect  at  Change@Work  n 
Houston.  He  can  be  reached  at  dr.intemet@change 
atwork.com. 
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Smart  booting  and  proxy  basics 


GEARHEAD 
INSIDE  THE 
NETWORK 
MACHINE 

Mark 

Gibbs 


We  start  this  week  with  a  follow-up  to 
the  amuse-bouche  portion  of  last 
week’s  dining  experience.  But  first, 
lets  refresh  your  memory:  The  topic  con¬ 
cerned  a  problem  raised  by  reader  Don 
Janeway  He  wanted  to  boot  from  a  floppy 
so  that  it,  in  turn,  booted  a  Live  CD  (a  boot¬ 
able  Linux  distro  on  a  CD)  in  the  CD  drive. 
(This  was  because  the  BIOS  of  Janeway’s 
machines  is  old  enough  to  not  support  CD 
booting.) 

Reader  Chris  Lucht  suggested  using  the 
Smart  Boot  Manager  (SBM),  which  can 
be  found  on  the  first  CD  of  the  Debian 
3.0r3  distribution. 

From  the  original  SBM  Web  site  (go  to 
www.nwfusion.com,  DocFinder:  6083)  SBM 
is:  “Smart  Boot  Manager ...  is  an  [operating 
system]  independent  Boot  Manager  —  a 
program  that  is  loaded  by  the  [BIOS] 
before  any  operating  system  and  allows 
you  to  choose  which  operating  system  to 
boot.  It’s  like  OS/2  Boot  Manager  and  many 
other  similar  programs,  for  example  System 


Commander,  Bootit,  Bootstar,  PQBoot.  But 
it’s  not  an  OS  Loader;  it’s  not  a  replacement 
for  LILO  or  other  OS  Loaders.  In  other 
words,  you  must  use  LILO  (or  other  similar 
programs)  to  boot  Linux  . . .  using  Smart- 
Btmgr  to  give  you  an  easy  to  use  interface  to 
boot  [from]  multiple  [operating  systems] .” 

The  last  release  was  Version  3.7,  which 
you  won’t  find  on  the  original  SBM  site  but 
rather  on  the  SourceForge  SBM  sub-site  at 
DocFinder:  6084. 

Anyway  Janeway  last  week  made  flop¬ 
pies  of  SBM  under  DOS,  Windows  95,98 
and  ME.  The  creation  of  the  floppies 
seemed  to  be  successful  but  when  he  tried 
to  boot  an  SBM  floppy  on  any  machine 
other  than  the  computer  the  disk  had  been 
created  on,  the  boot  failed  and  displayed 
the  message,  “SBMK  Bad!”  It  seems  that 
each  machine  that  he  tried  had  a  different 
type  of  floppy  disk  controller. 

We  got  an  update  from  him  last  week:  He 
used  rawrite3.com  (DOS)  and  rawwrite 
win-0-7.zip  (Windows  9x)  to  make  the  SBM 
boot  disk  and  now  he  can  “make  SBM 
work  on  several  computers  with  several 
[operating  sytems]  (IBM  ThinkPad  WinXP 
PC’s  x386  and  x586  running  Win  3.1,95  and 
98)  [but]  the  old  Dell  laptop  (Win  ME) 
refuses  —  I  still  get  SBMK  Bad  regardless  of 
FD  controller.  Must  be  something  in  the 


Dell  BIOS,  or  the  floppy  drive  itself.  I  don’t 
have  another  Dell  floppy  drive  to  try  so  I’m 
stuck  there.” 

We  found  a  comment  in  a  Web  forum 
that  SBM  is  finicky.  The  author,  Jeffrey 
Cunningham, suggested  that  when  you  cre¬ 
ate  the  SBM  floppy  you  should  immediate¬ 
ly  write-protect  the  disk.  When  SBM 
prompts  you  to  “save  changes,”  you  should 
respond  with  ‘n.’  If  you  allow  SBM  to  write 
to  an  unprotected  floppy  the  next  time  you 
boot  you  will  get  the  “SBMK  Bad!”  error 
message. 

Interestingly,  Cunningham  concluded 
that  if  SBM  still  gives  a  disk  error,  the  cause 
is  your  CD-ROM  drive  or  whatever  source 
you’re  trying  to  boot  from.  He  also  found 
that  older  Dell  CD-ROM  drives  are  not 
bootable  using  SBM  or  any  other  method, 
and  suggested  replacing  the  CD-ROM 
drive.  This  is  an  arcane  problem.  Any 
thoughts  on  why  some  FD  controllers 
would  cause  problems? 

A  few  months  ago  we  discussed  a  simple 
software  proxy  server  (DocFinder:  6085).. 
Many  readers  responded  wanting  basic 
information  about  deploying  proxies  and 
what  to  do  in  an  enterprise  environment.  A 
good  topic.  Let  us  start  with  the  basics: 

A  proxy  server  usually  serves  multiple 
roles:  It  always  acts  as  a  security  device, 


and  its  optional  functions  are  as  a  network 
management  tool  and/or  a  performance 
enhancement  subsystem.  At  its  simplest,  a 
proxy  server  accepts  requests  from  one  or 
more  computers  and  relays  those  requests 
to  other  computers  to  screen  and/or  con¬ 
trol  the  access  of  PCs  on  an  internal  net¬ 
work  to  services  on  the  Internet. 

By  blocking  or  limiting  inbound  connec¬ 
tions  (technically  termed  “IP  forwarding”) 
made  from  a  WAN  to  a  LAN  and  presenting 
the  Internet  with  a  single  outbound  IP 
address,  a  proxy  server  provides  features 
similar  to  those  of  a  firewall  protecting  the 
LAN  from  external  intrusion. 

Things  get  interesting  when  a  proxy  serv¬ 
er  is  used  as  performance  enhancement 
subsystem.  Because  a  proxy  server  exam¬ 
ines  every  protocol  exchange  and  relays 
requests,  it  can  keep  copies  of  the  data  so 
that  multiple  requests  for  identical  content 
can  be  satisfied  from  a  cache  rather  than 
having  to  re-issue  the  request  to  the  remote 
server.  Not  only  does  this  reduce  WAN  con¬ 
nection  loading,  but  retrieving  content 
from  the  proxy  cache  instead  of  a  remote 
server  can  be  orders  of  magnitude  faster. 

Next  week,  we’ll  delve  into  proxy  tech¬ 
nology.  Until  then,  send  your  requests 
directly  to  gearhead@gibbs.com. 


Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


Phoenix  Audio  launches  VoIP  headset  alternative 

If  you  like  using  your  computer  for  making  VoIP  calls  but 
don’t  like  using  a  headset,  the  Solo  Conference  micro¬ 
phone  from  Phoenix  Audio  Technologies  might  fit  the  bill. 
The  USB  conference  microphone  is  available  for  about 
$200,  and  connects  directly  to  a  PC  for  use  in  softphone 
VoIP  and  Webconferencing  applications. 

The  system  includes  echo  cancellation, 
noise  suppression  and  equalization  features. 

Multiple  participants  can  join  an  online  con¬ 
ference  at  the  same  endpoint  without  using 
a  headset,  Phoenix  says.  A  small  form  factor 
also  means  the  device  takes  up  very  little 
desktop  space. 

More  details  are  available  at  www.phnxau 
dio.com. 


Phoenix  Audio  offers  a  headset-free 
alternative  for  VoIP  calls  with  its  Solo 
Conference  microphone. 

2G  bytes  of  music  on  a  tiny  audio  player 

PNY  Technologies  last  week  launched  a  new  Vibe 
digital  audio  player,  which  supports  MP3  and  Windows 
Media  Audio  files, and  can  store  up  to  2G  bytes  of  files.The 
player  will  cost  about  $300  and  is  scheduled  to  be  avail¬ 


able  in  the  second  quarter. 

The  device  features  a  sliding  faceplate  that  exposes 
and  protects  the  control  panel,  and  a  backlit  LCD 
screen.  In  addition  to  playing  MP3s,  the  Vibe 
includes  an  FM  radio  and  voice  recorder, 
and  can  double  as  a  regular  USB- 
based  memory  storage  device.  It  oper¬ 
ates  on  a  single  AAA  battery  and  provides 
up  to  12  hours  of  continuous  play 
PNY  says.  Other  Vibe  players  are 
available  in  128M-,  265M-  512M- 
and  lG-byte  capacities. 

Sprint,  Sanyo  debut  new 
multimedia  phone 

Sprint  and  Sanyo  last  week  launched  the  MM-5600  multi- 
media  phone,  which  lets  users  lis¬ 
ten  to  music  (MP3  and  unen¬ 
crypted  advanced  audio  coding 
files),  take  photos, and  view  video 
at  rates  of  up  to  15  frames  per 
second.  The  device  includes  a 
1.3-megapixel  camera  with  flash, 
digital  zoom  and  video  recording 
functionality  It  is  scheduled  to  be 
available  mid-March  for  $430  (or 
$280  after  rebates). 

The  phone  also  includes  a 
miniSD  memory  card  (16M 
bytes)  for  storing  photos,  music 
files  or  videos,  and  comes  with 
an  adapter  to  let  the  card 
transfer  data  to  Secure 
Digital-compatible  devices. 
With  larger  miniSD  memory  cards 
(at  least  128M  bytes),  users  can  shoot  up  to  90 
minutes  of  video,  Sprint  says.  With  an  included  USB  cable, 
the  device  can  be  used  with  the  memory  card  to  act  like  a 


Sprint  and  Sanyo's  MM- 
5600  multimedia  phone 
lives  up  to  its  name  with 
file  storage,  camera  and 
video  capabilities. 

")  ^  key-chain  storage  device  and 

'  transfer  them  to  the  PC. 

^  Other  features  include  a  2.1-inch 
s  internal  color  display  a  1.1-inch  external 
color  display  support  for  Sprint  PCS  Ready 
Link  (walky-talky  service),  speaker  phone,  voice 
recorder,  WAP  2.0  browser,  Java  (J2ME)  download  ability 
Short  Message  Service,  e-mail  support  and  voice-activated 
dialing.The  phone’s  standard  battery  can  support  up  to  3.4 
hours  of  talk  time  and  up  to  10.5  days  in  standby  mode. 

Movie  clip  extractor  now  available  for  Windows 

Miraizon  announced  last  week  that  its  DVD  movie  clip 
extraction  software,  Cinematize  2,  is  now  available  on  the 
Windows  platform.The  software  lets  users  extract  audio  or 
video  clips  off  unencrypted  DVDs  (most  commercial 
DVDs  are  encrypted,  though)  and  save  them  in  a  format 
compatible  with  standard  multimedia  editing  tools.  This 
lets  users  create  new  content  from  current  DVDs,  the  com¬ 
pany  says.  Originally  available  on  Macintosh  only  the  new 
version  can  be  downloaded  for  Windows  systems  for 
about  $60  (free  trial  version  available)  at  the  Miraizon  Web 
site.  A  packaged  version  of  Cinematize  2  for  Windows  is 
scheduled  to  be  available  later  this  year. 

In  addition  to  extracting  movie  content,  the  software  can 
extract  still  pictures  by  extracting  specific  short  segments, 
the  company  says.  Audio  content  support  includes  PCM, 
AC-3,  MPEG,  DTS  and  SDS,and  video  support  includes  PAL, 
NTSC,  MPEG-1  and  MPEG-2. Clips  are  compatible  with  mul¬ 
timedia  editing  tools  from  companies  such  as  Roxio.Nero, 
Microsoft,  Adobe  and  Apple. 

Shaw  can  be  reached  at  kshaw@nww.com. 


Nortel’s  Adaptive  WLAN  system 
is  the  intelligent  solution  for 
secure  mobility. 


The  Nortel  Adaptive  WLAN  System  provides  secure 
802.1 1  a/b/g  wireless  mobility  that  allows  you  to  roam 
seamlessly  throughout  the  office,  between  floors  and 
even  buildings.  The  system  features  self-configuring, 
self-healing  and  self-optimizing  access  points  that 
automatically  adapt  to  changing  conditions  so  important 
data,  voice  and  multimedia  applications  aren't  immobilized 
by  your  mobility  solution.  The  Adaptive  WLAN  System 
delivers  superior  network  protection  with  enhanced  flexibility 
for  rapid  deployment  and  unsurpassed  management. 
It's  secure,  it's  intelligent,  it's  true  mobility. 


NORTEL 

Authorized 

Distributor 


Westcon  can  help  you  become  more 
successful  selling  secure  wireless. 

Westcon  knows  what  it  takes  to  help  you  become  more 
successful  selling  secure  wireless  solutions.  It  takes  a 
commitment  to  customer  care  that  transcends  the  ordinary, 
and  makes  ensuring  your  success  our  number  one  priority. 
Let  Westcon  show  you  how. 

Win  a  FREE  wireless  bundle.  Visit  us  on  the  web 

today  to  register  for  a  chance  to  win  the  latest  wireless 
technology,  and  start  earning  incredible  prizes  like  Best 
Buy  Cards,  iPods,  Palm  Pilots  and  BlackBerrys.  You’ve 
earned  the  right  to  be  rewarded. 


westcon 

networking  together* 


©  2005  Westcon  Group  N.A..  Inc.  All  product  names  are  trademarks  of  their  respective  companies. 
Restrictions  may  apply.  Palm  Pilot  is  a  registered  trademark  of  palmOne,  Inc.  BlackBerry  is  a 
registered  trademark  of  Research  In  Motion  Limited.  iPod  is  a  registered  trademark  of  Apple  Corp. 


www.westcon.com/mobility  •  1-877-779-3342 


Smarter  Edge  I  Convergence  Edge  I  Government  Edge 


38 


2/28/05 


ON  TECHNOLOGY 

Neal  Weinberg 

Competitive 
telcos  fight 
for  survival 


Without  going  into  gory  detail, lets  just  say  the  past 
five  years  have  not  been  kind  to  the  competitive 
telecom  industry  And  the  worst  might  be  yet  to 

come. 

The  recently  announced  AT&T/SBC  and  MCI/Verizon 
megamergers  could  hurt  competitive  local  exchange  carri¬ 
ers  (CLEC)  in  a  few  ways:  First,  it’s  never  a  good  thing  when 
you’re  the  little  guy  and  the  big  guys  you’re  competing 
against  get  even  bigger  and  stronger. 

Second,  AT&T  and  MCI  fought  the  good  fight  in  front  of 
the  FCC  on  behalf  of  the  non-RBOCs.  Now  the  CLECs  will 
have  to  take  on  those  regulatory  battles  alone.  And  based 
on  recent  FCC  rulings,  that’s  probably  not  a  good  thing. 

The  FCC  dealt  a  stinging  blow  to  the  beleaguered  CLECs 
by  voting  in  December  to  phase  out  the  rule  that  gave  the 
CLECs  discounted  access  to  the  RBOCs’  local  loops  for 
competitive  voice  services. This  means  the  CLECs  need  to 
either  build  out  their  own  networks  or  find  a  last-mile  alter¬ 
native  to  RBOC  copper. 

Which  brings  us  to  problem  No.  3  —  the  capital  markets 
got  burned  once  financing  giant  fiber  network  build-outs, 
and  they  aren’t  about  to  go  down  that  road  again. 

All  in  all,  it  looks  pretty  grim  for  the  competitive  telcos. 
But  you  wouldn’t  know  it  from  the  CompTel/ASCENT  show 
in  New  Orleans  earlier  this  month.Three  thousand  people 
turned  out,  the  show  floor  was  full,  vendors  were  introduc¬ 
ing  new  services  for  enterprise  customers,  and  there  was  a 
definite  buzz  in  the  air.  So  what  gives? 

Well.it  takes  a  pretty  determined  entrepreneur  to  take  on 
companies  such  as  Verizon  and  SBC  in  the  first  place.  And 
that  fighting  spirit  was  evident  throughout  the  show. 

Mark  Richards,  president  of  Vox  Communications,  urged 
his  colleagues  to  transition  to  VoIP  immediately“CLECs  are 
not  going  to  die,”  he  said  defiantly’The  vast  majority  of 
what  you  do,  [billing,  customer  care,  etc.]  carries  over  to 
the  VoIP  world.  Get  into  it  now? 

VoIP  was  certainly  the  hot  topic  among  the  CLECs,  but 
not  the  only  one. WiMAX,  satellite  and  broadband  over 
power  line  were  also  mentioned  as  alternatives  to  copper. 

On  a  more  strategic  level,  there  was  widespread  agree¬ 
ment  that  opportunities  still  exist  for  smaller,  more  focused, 
nimbler  players  to  thrive  in  a  world  dominated  by  the  tele¬ 
com  giants. 

“This  transition  period  will  be  painful,” said  CompTel/ 
ASCENT  CEO  H.  Russell  Frisby“The  landscape  will  look 
quite  different.” 

But  will  the  competitive  telecom  industry  survive? 
“Absolutely  he  said. “We  bottomed  out  and  we’re  on  our 
way  back.” 


—  Neal  Weinberg 
Features  editor 
Nweinberg@nww.  com 
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Assessing  Powell 

Regarding  Johna  Till  Johnson’s  column  “Praise  for 
Fbwell  doesn’t  square  with  the  facts,”  www.nwfu- 
sion.com, DocFinder:  6081):Thanks  for  injecting  par¬ 
tisan  politics  into  a  technology  magazine.  There’s 
nothing  I  look  forward  to  more  than  someone  grind¬ 
ing  their  political  axe  in  an  IT  publication. 

“Don’t  get  me  wrong,  I’m  not  saying  Powell  doesn’t 
deserve  accolades,”  Johnson  wrote.  Well.. .yeah,  she 
is.  At  least  that’s  what  I  gathered  after  reading  about 
how  he  single-handedly  destroyed  competition, 
trashed  the  First  Amendment  and  put  the  media 
under  an  authoritarian  censorship  regime.  I  mean, 
come  on,  there  were  too  many  standards  on  radio 
and  television  anyway  We  needed  more  smut,  espe¬ 
cially  on  public  airwaves.  Because,  as  we  all  know, 
I’m  perfectly  capable  of  monitoring  my  9-year-old  24 
hours  a  day  and  if  inappropriate  material  comes  on 
the  radio  or  TV  from  an  aspiring  Howard  Stern 
clone,  hey  I  should  be  right  there  to  change  the 
channel.Thanks  for  setting  me  straight  on  that. 

Douglas  Stanley 
IT  manager 
Montgomery  Airport  Authority 
Montgomery,  Ala. 

I  want  to  thank  Johna  Till  Johnson  for  her  forthright 
and  accurate  depiction  of  Michael  Powell’s  tenure  as 
chairman  of  the  FCC.  Powell  seriously  impeded 
competition  in  all  aspects  of  the  telecommunica¬ 
tions  industry  and,  to  me  at  least,  had  no  under¬ 
standing  of  the  basic  underlying  technologies 
involved  in  newer  services. 

Dan  Lavery 
Partner 
Matterhorn  Group 
Wyckoff,  N.J. 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix.  editor  in 
chief,  Network  World,  1 1 8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


The  Big  One 

Mark  Gibbs’  column  “The  Big  One:  Millions  and  bil¬ 
lions”  (DocFinder:  6079)  reminds  me  of  a  recent 
Discovery  Channel  show  I  saw  recently  about  Mt. 
Vesuvius.The  people  knew  the  Big  One  was  coming. 
The  government  had  a  plan  that  was  more  of  a 
dream  than  a  workable  solution  for  dealing  with  the 
Big  One.  The  people  in  the  shadow  of  Vesuvius  had 
an  attitude  like  that  of  most  computer  users:  “We 
have  been  dealing  with  it.” 

The  volcano  had  minor  eruptions  every  few 
decades,  and  the  people  rebuilt  on  top  of  the  new 
landscape,  just  like  computer  users  who  patch  their 
operating  systems  after  the  latest  worm.  This  gives 
the  illusion  of  dealing  with  the  problem.  In  IT,  we 
make  backups  and  redundant  systems. We  even  buy 
generators  and  fire-suppression  systems,  but  these 
are  nothing  more  than  micro-focused  tasks  to  re¬ 
assure  ourselves,  like  those  living  in  the  shadow  of 
Vesuvius. 

The  last  time  Vesuvius  went  big,  there  was  a  slow 
buildup  of  the  usual  eruptions,  then  things  went 
from  bad  to  catastrophic.  I  envision  the  IT  Big  One 
going  down  in  much  the  same  way  One  day  the 
usual  issues  we  have  grown  so  used  to  will  blossom 
to  devastate  30%  to  70%  of  network  infrastructure, 
servers  and  PCs.  Replacement  parts  demands  will 
dry  up  the  market  and  drive  up  prices.  We’ll  have  to 
decide  who  really  needs  to  use  the  few  remaining 
resources  to  work.  Massive  unemployment,  spotty 
network  service  and  broken  business  relationships 
will  be  just  part  of  the  fallout. 

The  Y2K  threat  inspired  people  to  build  fallout 
shelters  and  store  food.  These  are  just  higher  levels 
of  backups  and  UPSs.The  Big  One  could  have  noth¬ 
ing  to  do  with  computers  at  all.  Perhaps  65  million 
years  from  now,  the  ancestors  of  cockroaches  will 
look  at  fossilized  PCs  and  wonder. 

Tim  Mead 
Ogden,  Utah 
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USER  VIEW 

Chuck  Yoke 


Before  my  career  in  technology  I  was  in 
the  culinary  field,  which  has  its  own 
unique  terminology. When  a  restaurant 
runs  out  of  a  menu  item.it  is“86ed.”It  is  com¬ 
mon  to  hear  “86  prime  rib”  or  “86  lobster” 
called  out  in  the  kitchen  so  the  wait  staff 
knows  those  items  are  no  longer  available. 
One  of  my  cooks  never  used  the  term  “86.”  When  he  ran  out  of  an 
item,  he  simply  said, “There  ain’t  none.”  Not  as  dramatic  as  “86,”  but  it 
got  the  message  across. 

At  the  risk  of  being  called  a  heretic,  I  have  come  to  the  conclusion 
that  we  need  to  start  86-ing  the  emphasis  on  VoIP  cost  savings,  for  in 
the  majority  of  cases, “there  ain’t  none.” 

Now  don’t  get  me  wrong;  I  totally  support  VoIP  It  is  the  way  of  the 
future  and  if  you  are  not  currently  evaluating  VoIP  options,  you  need 
to  be.  But  don’t  think  you  are  going  to  generate  substantial  cost  sav¬ 
ings  with  VoIP  At  best,  you  might  see  a  modest  reduction  over  time, 
but  more  likely  your  costs  will  remain  static  or  increase. 

Large  corporations  have  negotiated  voice  rates  of  pennies  per 
minute,  and  MCI’s  emergence  from  bankruptcy  has  created  a  quasi¬ 
price  war  that  lets  even  small  companies  obtain  significant  reduc¬ 
tions  in  voice  rates. 

The  toll  bypass  feature  of  VoIP  is  no  longer  significant. 

The  promise  of  reduced  support  costs  through  simplified  manage¬ 
ment  systems,  converged  voice/data  support  staff  and  a  single  infra¬ 
structure  is  yet  to  be  realized.  Over  a  five-year  analysis,  the  combined 


‘86’  the  VoIP  cost  savings 


costs  of  new  capital,  upgraded  management  systems,  training  and 
conversion  activities  can  eliminate  any  savings  gained  by  reducing 
voice  circuits. 

So  why  do  I  support  VoIP?  Because  I  don’t  have  a  choice.  The  one 
entity  that  will  gain  a  financial  advantage  with  VoIP  is  the  carriers, 
which  will  be  able  to  reduce  their  overall  infrastructure  and  support 
costs.  Because  of  this,  the  carriers  will  move  to  VoIPWhile  the  carri¬ 
ers  will  continue  to  support  TDM  in  the  near  term,  the  associated 
costs  will  increase.  I  need  to  adopt  VoIP  in  order  to  avoid  higher  TDM 
costs. 

Similarly,  in  the  data  world,  the  carriers  are  phasing  out  support  for 
low-cost  X.25  connections.They  will  continue  to  support  X.25,but  at 
much  higher  costs.  I  need  to  convert  my  X.25  networks  to  IP  and  my 
voice  functionality  to  VoIP  not  to  save  costs  now  but  to  avoid  even 
higher  operating  costs  in  the  near  future.  And  this  in  itself  is  a  sound 
business  case. 

VoIP  is  the  future  of  voice.  I  recommend  VoIP  for  any  new  imple¬ 
mentation  and  am  planning  for  eventual  enterprise-wide  VoIP  But  I 
will  not  realize  any  cost  savings.What  I  will  realize  is  a  lower  increase 
in  costs  than  if  I  try  to  stay  with  TDM. 

If  you  are  analyzing  VoIP  and  see  substantial  cost  savings,  re-check 
your  numbers.You  probably  left  something  out.To  paraphrase  my  old 
kitchen  staff:  86  VoIP  cost  savings.There  ain’t  none. 


We  need  to  start 
86-ing  the 
emphasis  on  VoIP 
cost  savings . . . 
there  ain’t  none. 


Yoke  is  director  of  business  solutions  engineering  for  a  corporate  net¬ 
work  in  Denver.  He  can  be  reached  at  ckyoke@yahoo.com. 


ABOVE  THE  CLOUD 

James  Kobielus 


as  anybody  noticed  that  the  application 
platform  market  is  melting  down? 
Service-oriented  architecture  principles 
are  dissolving  the  underpinnings  of  yester¬ 
day’s  computing  environments,  making  con¬ 
cepts  such  as  “platform, ’’“application”  and  “lan¬ 
guage”  irrelevant  in  the  world  of  Web  services. 
But  SOA  and  Web  services  are  just  one  part  of  the  platform-meltdown 
equation.  The  platform  vendors  are  also  flailing  about,  not  able  to 
achieve  the  momentum  to  place  their  environment  —  be  it  Windows, 
Java  2  Platform  Enterprise  Edition  (J2EE),  or  Linux/Apache/MySQL/ 
PPP  (LAMP)  —  head  and  shoulders  above  the  rest.  All  these  platforms 
are  dissolving  into  a  pool  of  fear,  uncertainty  and  doubt  (FUD)  that  has 
enterprise  customers  scratching  their  heads, seeing  no  clear,  slam-dunk 
platform  for  their  current  and  evolving  needs. 

Look  at  Microsoft’s  tortuous  path  from  .Net  to  Longhorn  and  beyond. 
The  software  giant  has  decomposed  the  new  generation  into  a  bunch 
of  incremental  releases  with  various  release  dates,  many  of  them  indef¬ 
inite,  strung  out  over  several  years,  with  the  strong  likelihood  of 
unanticipated  delays.  Nobody  has  any  confidence  that  Microsoft  will 
ship  any  piece  of  its  Longhorn  road  map  on  time  —  that  is,  within 
Software  Assurance  time  frames  that  would  entitle  customers  to  an 
upgrade  (for  which  many  have  prepaid, with  no  guarantee  of  delivery). 
And  nobody  has  any  confidence  that  the  resulting  Longhorn-genera¬ 
tion  platform  components,  apps  or  tools  will  enable  tight  security 
The  rival  J2EE  camp  is  slogging  through  its  own  field  of  FUD.  One  of 
the  biggest  issues  is  whether  the  J2EE  “standard” —  actually,  an  evolving 
assemblage  of  standards  and  specifications  developed  by  Java  vendors 
under  the  Java  Community  Process  —  will  survive  in  the  face  of  “rebel” 
Java-based  frameworks  that  offer  simpler  development/runtime 
approaches  than  the  full  J2EE  1.3  or  1.4  stacks. 

The  fundamental  fault  line  in  the  Java  community  is  between  those 
who  favor  development  of  POJO  (plain  old  Java  objects)  vs.  those  who 
stress  what  1  call  “MOJO”  (massive  obnoxious  J2EE  overhead). That’s  a 


FUD  muddies  platform 


spectrum  from  simplicity  to  complexity  from  lightweight  to  heavy¬ 
weight,  from  loosey-goosey  to  strict-constructionist  Java  programming. 
Though  J2EE  1 .4  is  out  and  J2EE  1 .5  is  in  the  works,  nobody  has  any 
confidence  that  most  J2EE  app  platforms  vendors  will  support  the  full 
evolving  “standard”  in  future  releases.  Companies  that  have  committed 
to  J2EE  are  sweating  profusely  wondering  whether  the  fabled  cross¬ 
platform  framework  is  a  thing  of  the  past. 

The  LAMP  platform  vendor  community  is  still  in  its  heyday  —  in  other 
words,  vendors  such  as  Red  Hat,  Novell  and  JBoss  still  can  claim  con¬ 
siderable  momentum  in  new  customer  wins.  LAMP  isn’t  a  platform  in 
the  single-vendor  governance  model  (a  la  Windows)  or  single-commu¬ 
nity  governance  model  (a  la  J2EE). Rather, LAMP  refers  loosely  to  appli¬ 
cation  environments  built  on  Linux  and  other  open  source  compo¬ 
nents  (including  but  not  limited  to  the  “AMP”  components  in  its  name). 

One  of  the  biggest  FUD  issues  with  LAMP  is  vendors’  inability  to 
assure  customer  indemnification  against  damages  that  might  result 
from  IP  infringements  associated  with  various  open  source  compo¬ 
nents.  Investing  in  a  LAMP-based  solution  is  a  bit  like  buying  a  house 
without  title  insurance: You  pay  hundreds  of  thousands  of  dollars  with¬ 
out  any  assurance  that  a  long-lost  titleholder  won’t  someday  be  able  to 
evict  you  from  your  property 

Another  FUD  issue  is  the  potential  for  nasty  technical  fingerpointing 
when  the  inevitable  security  issues  strike  LAMP  platforms.  No  two  ven¬ 
dors’  LAMP  platforms  are  alike.  Each  vendor  (indeed,  each  user)  can 
and  does  assemble  an  environment  from  a  diverse  collection  of  open 
source  components  from  diverse  open  source  communities.  Any  secu¬ 
rity  issue  or  interoperability  glitch  will  be  a  nightmare  to  fix. 

All  these  platforms  —  Windows,  J2EE  and  LAMP  —  will  survive.  All 
will  continue  to  evolve.  But  none  of  them  will  overcome  the  flood  of 
FUD  that  cramps  their  respective  futures. 

Kobielus  is  an  independent  IT  consultant  and  analyst  in  Alexandria, 
Va.  He  can  be  reached  at  (703)  924-6224  or  james_kobielus@hot- 
mail.com. 
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From  right  here. 
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Manage  your  data  center  from  anywhere... 

In  today's  pressure  filled  “uptime”  environment  where  a  few 
minutes  can  cost  you  big  dollars,  customer  confidence  and 
worker  productivity,  you  can't  afford  to  have  IT  problems.  And, 
you  know  fewer  administrators  and  “lights  out”  control  of  your 
data  centers  gives  you  a  much-needed  security  buffer. 

SecureLinx™ 

Lights  out  remote  data  center  management. 


Lantronix  gives  you  access  to  ALL  of  your  data  center  assets 
from  anywhere  over  the  Internet  via  a  browser,  and  total  out-of- 
band  access  if  the  network  is  down.  We  also  offer  the  only 
console  manager  available  with  a  NIST-certified  implementation 
of  Advanced  Encryption  Standards  (Rijndael)’  along  with  SSL 
and  SSH  -  assuring  you  the  highest  level  of  security  available. 


4 


T-,  C 

□ 


Secure  Console  Managers 

Remote  management  of  Linux,  Unix  and 
Windows®  2003  servers,  routers,  switches, 
teiecom  and  building  access  equipment. 

-  Respond  faster  and  reduce  downtime 

-  Consolidate  resources  and  minimize  costs 


Remote  KVM™  via  IP 

Manage  an  entire  room  full  of  Windows  and 
Linux  servers  from  a  single  desktop,  from 
anywhere  over  the  Internet. 

-  Eliminate  need  for  multiple  keyboards, 
monitors  and  mice 

-  No  client  software  required 


Remote  Power  Managers 

Control  the  power,  individually,  to  every  device 
in  the  data  center  via  a  web  browser. 

-  Reboot  system  remotely 

-  Ensure  safe  power  distribution  and  reduce 
in-rush  overload 


® 


LANTRONIX 


Network  anything.  Network  everything. 


Editor's 

Choice 


SecureLinx  SLC16 
Winner  of  the  Network 
Computing  Editor’s 
Choice  Award 


’As  of  August  2004,  SecureLinx  SLC  is  the  only  console  manager  with  a  NIST-certified  implementation  of  Advanced  Encryption  Standards  as  specified  by  FIPS-197 
(Federal  Information  Processing  Standards).  <D  2005  Lantronix,  Lantronix  is  a  registered  trademark,  and  SecureLinx  and  Remote  KVM  are  trademarks  of  Lantronix,  Inc. 


www.lantronix.com  I  (800)422-7055 


COVER  ILLUSTRATION:  JOHN  HERSEY 
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REVIEW  OR  TEST:  Why  the  difference  matters 


|  Gene  Shalit  reviews  movies.  Jeffrey  Steingarten  reviews  restaurants. 

*  The  New  York  Times  reviews  books.  Network  World  tests  products. 

*  t  &  4 

The  distinction  between  the  words  you’d  be  foolish  to  trust  an  opinion  about  that  product 
g*  '  “review”  and  “test”  may  seem  incon-  based  solely  on  a  review  of  marketing  documents  writ- 

sequential  at  first  pass.  But  the  dif-  ten  by  the  organization  that’s  trying  to  sell  you  said 
ference  between  the  actions  represented  by  these  product.  Far  wiser  would  be  turning  to  the  judgments 
verbs  can  be  an  important  one  —  especially  if  you  are  of  an  objective  third-party  expert  who  has  conducted 
looking  for  objective  insight  into  how  installing  a  new  thorough  hands-on  testing  of  the  product. 

10G  Ethernet  switch,  SSL  VPN  or  wireless  access  point  We  don’t  take  our  test  program  lightly,  or  this  annual 
will  affect  your  network.  designation  of  the  best  products  of  all  those  tests. 

A  significantly  large  portion  of  the  industry  awards  That’s  why  we  selected  only  42  of  the  260  products  we 
bestowed  on  products  today  by  trade  publications,  tested  in  the  past  year  as  finalists,  with  nine  of  those 
online  sites  and  trade  show  marketing  engines  require  being  the  ultimate  award  winners.  Look  inside  for 
the  product  to  meet  a  single  criterion.  They  have  to  more  on  the  how  and  why  behind  our  choices,  and 
look  good  on  paper.  then  say  it  with  me:  “ Network  World  tests  products.” 

That’s  right.  Too  often,  a  product  wins  the  award  And  understand  that  we’re  not  going  to  recommend 
because  the  marketing  collateral  says  it  tastes  a  product  to  you  that  we’ve  not  had  a  significantly 
great  and  that  it’s  less  filling.  good  hands-on  experience  with  ourselves. 

That  might  be  a  good  assessment  strategy  for  buying 
cheap  beer.  But  if  you're  looking  to  drop  hundreds  of  —  Christine  Burns 
thousands  of  dollars  on  a  product  that  will  affect  your  Executive  editor,  testing 

network’s  performance,  security  and/or  availability,  cburns@nww.com 


Category-breaking 

innovation 


Testing  outside  the  box 


Signature  Sign-off:  Really  cool  tools 


Open  source,  tried  and  true 


The  Best  Products  Issue  is  one  of  six  bimonthly  supplements  providing 
insights,  opinions  and  information  on  the  biggest  trends  in  networking.  Up 
next  is  the  Network  World  200  Issue,  our  annual  exploration  of  the  200  / 

biggest  network  vendors  in  North  America,  coming  April  25.  Also  visit  \ 
the  Best  Products  Issue  online,  at  www.nwfusion.com/best/2005. 
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These  nine  award  winners  stand  out  among 
260  products  tested  and  42  finalists  for 
outstanding  performance  and  unbeatable  value. 


ast  year’s  crop  of  network  products 
tested  by  the  Network  World  Lab 
Alliance  isn’t  likely  to  get  noted  in  the 


Farmers9 Almanac,  but  it  certainly  was  a  bumper  one. 

In  all,  we  tested  more  than  260  products  from  more  than 
200  vendors.  Forty-two  stood  out  as  top  performers  dur¬ 
ing  rigorous,  hands-on  testing  —  in  some  cases  lasting 
weeks  or  months  —  in  one  or  more  of  our  13  Network 
World  Lab  Alliance  partner  facilities  or  in  the  lab  run  by 
Keith  Shaw,  senior  editor  of  product  testing. 

Nine  stood  out  as  the  cream  of  the  crop,  earning  our 
highest  recommendation  for  enterprise  deployment 
among  the  42  finalists.  Each  garnered  a  Best  of  the  Tests 
Award  in  this,  our  sixth  annual  presentation. 

From  260  to  42 

To  narrow  the  field  to  our  42  finalists,  we  grouped  top  products  from  dis¬ 
parate  tests  into  eight  categories  based  on  the  most  critical  network  func¬ 
tion  the  product  addresses.The  categories  are: 

•  Messaging  and  collaboration:  collaborative  workspaces,  instant-mes¬ 
saging  management,  Web  conferencing  meeting  spaces. 

•  Network  infrastructure:  access  routers,  blade  servers,  dual  WAN  routers, 
Ethernet  backbone  and  workgroup  switches,  wireless  network  gear. 

•  Network  management:  desktop  and  client  man¬ 
agement  suites,  network  analysis  tools,  network  con¬ 
figuration  management  products,  network  model¬ 
ing  wares,  network  performance  analysis  software, 

WAN/bandwidth  management  products. 

•  Security  infrastructure:  authentication  servers, 
intrusion-prevention  systems  (IPS),  IPSec  VPNs, 
security  appliances,  SSL  VPNs. 


•  Security  management:  anti-spy  software,  anti-virus  management  soft¬ 
ware,  endpoint  security  tools,  patch  management  wares,  policy  auditing 
and  compliance  software,  security  event  management  products,  Secure 
Shell  management  servers,  vulnerability  assessment  and  management 
products. 

•  Storage:  director-class  multi-protocol  switches,  workgroup  switches, 
disaster-recovery  tools. 

•  Web  infrastructure:  Web  application  firewalls,  Web  application  moni¬ 
toring  tools,  Web  front-end  devices. 

•  Wireless  and  mobility:  location-based  security  systems  for  wireless 
LANs,  mobile  middleware,  WLAN  management  and  monitoring  tools. 

All  our  finalists  had  to  make  the  grade  on  overall  performance,  man¬ 
agement  capabilities,  unique  feature  sets  and  ease  of  use. 

From  42  to  9 

To  determine  which  of  each  category’s  finalists  most  deserved  Best  of 
the  Tests  honors,  we  considered  each  product’s  overall  usefulness  when 
deployed  in  a  large-scale  network.Those  having  multiple  tools  for  getting 
the  job  done  carried  more  weight  than  point  products  honed  for  a  sin¬ 
gle  task.  (Why  nine  winners  instead  of  eight?  We  named  two  winners  in 
the  hard-to-call  network  management  category) 

Besides  these  42  finalists  and  nine  winners,  we  also  laud  products  we 
tested  in  several  groundbreaking  evaluations  —  of  anti-spam,  IPS,  VoIP 
and  wireless  security  products. We  didn’t  designate 
winners  in  these  tests  for  a  variety  of  technical  rea¬ 
sons  but  do  highlight  noteworthy  performances. 
For  a  look  at  these  exceptional  wares,  see  “Testing 
outside  the  box,”  page  64. 

And  now,  read  on  to  find  out  more  about  how  our 
Best  of  the  Tests  winners  could  help  increase  your 
network  yield. 


NETWORK  WORLD 
LAB  ALLIANCE 


webroot* 

Spy  Sweeper” 

Enterprise 


Spyware  makes  yourentire  business  vulnerable,  butwe  have  you  covered 
Webroot  Spy  Sweeper  Enterprise  identifies  and  eliminates  spyware  across 
your  network  and  even  protects  your  remote  users.  Using  the  most 
comprehensive  database  of  spyware  definitions  and  backed  by  an 
automated  research  process,  Webroot  Spy  Sweeper  Enterprise  actively 
blocks  new  spyware  before  users  become  infected.  Find  out  how  much 
of  your  enterprise  is  being  exposed  by  spyware,  run  a  free  network  scan 
at  www.webroot.com/barespyware  or  contact  us  at  866.254.5915 


NetworkWorld 
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Collaborative  workspaces,  instant-messaging  management, 
Web  conferencing  meeting  spaces. 


11  WINNER: 
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The  biggest  news  in  the  messaging  space  last  year  was  the 
emergence  of  instant  messaging  as  a  corporate  tool.  No  longer 
were  employees  using  IM  solely  to  check  in  with  friends  about 
lunch  plans  —  they  had  begun  to  use  the  systems  for  communi¬ 
cating  with  customers,  clients  and  other  business  partners  for 
work  purposes. 

But  with  compliance  regulations  such  as  the  Health  Insurance 
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i:i  Portability  and  Accountability  Act  and  the  Sarbanes-Oxley  Act  The  Akonix  L7  Enterprise  offers  amazing  detailed 


looming  over  corporations,  monitoring  and  managing  IM  systems  ^^tmes'saglng08  SPedfiC  P°IideS  t0 
is  a  potential  headache  for  IT  departments.  We  set  out  to  test  for 

the  best  IM  and  monitoring  system,  and  found  the  Akonix  L7  Enterprise  deserving  of  that  credit  (www.nwfusion.com, 
DocFinder:  6022). 

Lab  Alliance  members  Christine  Perey  and  Travis  Berkley  said  they  were  impressed  with  L7  Enterprise’s  customization  fea¬ 
tures  for  user  configurations  and  policies, especially  in  governing  file  transfers  by  type, size  or  time  of  day  With  L7  Enterprise, 

you  can  get  as  detailed  as  creating  a  policy  that  lets  only  marketing  employ¬ 
ees  send  PDFs  and  JPEG  files  between  the  hours  of  8  a.m.  and  4  p.m.  on 
Wednesdays. You  can  apply  rules  to  IP  address,  IM  handle  and  other  identity 
management  types.The  system  also  lets  you  set  rules  based  on  user  location. 
With  this  feature,  for  example,  you  can  mandate  that  users  be  connected  to 
the  VPN  to  use  IM.The  system  features  an  easy-to-use  Windows  program  for 
creating  attractive  summary  or  detailed  reports,  charts  and  graphs.These  can 
be  used  as  PDFs,  Crystal  Reports  or  HTML. 

This  small  company  earned  accolades  for  its  innovative  technology  and  we 
hope  to  see  more  innovation  from  Akonix  in  future  upgrades. 


SB 


In  our  Clear  Choice  test,  we  found  the 
Oracle  Collaboration  Suite  offered  a  number 
of  good  tools  (Web  conferencing,  e-mail,  cal¬ 
endaring,  file  storage  and  content  searching) 
for  letting  workers  share  information  and  find 
data  within  a  company.  Also  impressive  was 
the  variety  of  methods  —  Web,  desktop 
client,  PDA  or  cell  phone  —  Oracle  supports 
for  accessing  the  system  (DocFinder:  6023). 

The  Juniper  NetScreen  Secure  Meeting 
Appliance  does  what  it  was  designed  to  do 
very  well.  It  collected  top  scores  in  setup  and 
management  features,  letting  employees  get 
meetings  up  and  running  quickly.  The  system 
makes  sharing  applications  easy  and  provides 
great  flexibility  in  letting  participants  control 
the  meeting  (DocFinder:  6024). 

Microsoft  Live  Communications  Server 
(we  tested  2003,  but  Microsoft  has  since 
bumped  up  the  name  to  2005)  impressed  us 
with  its  ability  to  handle  IM  away  from 
Exchange  and  the  addition  of  presence  fea¬ 
tures.  We  also  liked  the  product  for  its 
ability  to  encrypt  all  traffic  through  Trans¬ 
port  Layer  Security  and  new  archiving  fea¬ 
tures  that  let  you  capture  and  archive  all  IM 
traffic  (DocFinder:  6025). 


PRODUCT  MASTERMIND 

THE  MAN:  Eric  Cattell,  lead  software  engineer 
JOB  DUTIES:  A  member  of  Akonix’s  founding 
team,  Cattell  has  been  a  key  architect  and  core 
engineer  for  Akonix  L7  Enterprise  since  its  release 
in  2002. 

FAVORITE  FEATURE:  “Our  policy  management 
engine.  It  is  unique,  complete  and  easy  to  use.  Sixty  sec¬ 
onds  after  an  organization  deploys  Akonix  L7  Enterprise,  the  administrator 
can  create  any  policy  needed,  whether  it’s  blocking  all  file  transfers,  limiting 
who  employees  can  IM  with  or  filtering  for  confidential  information.  Instantly 
that  policy  applies  to  any  user  or  group  of  users,  on  any  IM  system  used,  across 
all  the  public  IM  networks  and  their  internal  enterprise  IM  system.” 
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UPDATE 

THE  PRODUCT:  In  November  2004, 
Akonix  launched  L7  Enterprise  4.0, 
with  support  for  Microsoft  Office 
Live  Communications  Server  2005, 
connectivity  with  public  IM  net¬ 
works  and  support  for  IBM  Lotus 
Instant  Messaging  (formerly  Same¬ 
time).  Other  enhancements  in¬ 
clude  the  ability  to  manage  access 
to  games,  audio/video  conferenc¬ 
ing,  application  sharing  and  other 
features  of  public  IM  clients;  the 
ability  to  support  mobile  and  re¬ 
mote  users;  some  load-balancing 
capabilities;  enhanced  anti-virus 
support;  and  the  ability  to  cus¬ 
tomize  user  notifications  by  user, 
group  or  domain. 

The  company  also  released  Ver¬ 
sion  3.1  of  its  Enforcer  security  soft¬ 
ware,  adding  capabilities  to  stop 
unauthorized  IM  and  peer-to-peer 
file  sharing.  For  example,  Enforcer 
3.1  can  block  transmission  from  the 
BitTorrent  peer-to-peer  network, 
popular  for  movie-sharing. 

THE  COMPANY:  Akonix  is  a  private 
company  backed  by  venture  capi¬ 
tal  firms  Menlo  Ventures,  Mission 
Ventures,  Palomar  Ventures  and 
Windward  Ventures.  According  to 
Akonix,  it  added  190,000  seat 
licenses  in  the  third  quarter  of 
2004,  ending  the  quarter  with  more 
than  500,000  seats  at  more  than 
400  customers.  Company  wins 
included  Rochester  Public  Utilities 
and  Ardsley  Advisory  Partners,  a 
Connecticut  investment  firm. 
Akonix  also  spent  the  year  fleshing 
out  its  management  team,  hiring 
Ron  Hegli  as  vice  president  of  engi¬ 
neering,  Kip  Quackenbush  as  vice 
president  of  worldwide  sales,  and 
Timothy  Breidigan  as  vice  presi¬ 
dent  of  business  development. 


We  plan  to  test  the  latest  in  e-mail  compliance  and  archiving  tools,  to  get  the  goods  on  products 
intended  to  help  with  compliance.  And,  we’ll  look  into  e-mail  security  tools  and  anti-phishing  tech¬ 
nologies.  For  Web  conferencing,  we  plan  on  testing  tools  that  accommodate  meetings  at  the  desktop 
rather  than  in  the  conference  room  (such  as  one-to-many  has  gone  to  one-to-one).  For  collaborative 
workspaces,  we’ll  look  at  tools  that  could  provide  an  alternative  to  e-mail  in  light  of  the  overwhelming 
spam  problem. 


REASONS  TO  THINK  ABOUT 
HIGH-PERFORMANCE,  AFFORDABLE, 
64-BIT  IBM  SERVERS  WITH  INTEL® 
XEON™  PROCESSORS. 
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EASY  TO  BUY. 
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IBM  GLOBAL 
FINANCING. 
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MICROSOFT® 

READY. 
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RESILIENT  ENOUGH 
TO  HELP  WEATHER 
THE  UNTHINKABLE. 
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FASTER  THAN 
EVER. 


50 

XTENDED  DESIGN 
ARCHITECTURE.-" 


13 

LIGHT  PATH 
DIAGNOSTICS. 


19 

HIGHLY  RELIABLE. 


ISV 

EMBRACED. 


51  39 

HOT-SWAPPABLE,  VISIBLE 

REDUNDANT  ALERTS. 

COMPONENTS. 


25 

LINUX*  READY. 


1 

THE  X226. 


37 

UPTIME!!! 


11 

CALIBRATED 

VECTORED 

COOLING’" 

TECHNOLOGY. 


THE  X236. 


16 

IBM  STORAGE- 

SERVER 

COMPATIBILITY. 


40 

PREDICTIVE 
FAILURE  ANALYSIS® 


FULL  SUPPORT 
FOR  INTEL’S  EM64T 
MEMORY 
CAPABILITIES. 


BRAND-NEW, 
FASTER  I/O 
FEATURES. 


61 

MIGRATE  WHEN 
YOU  WANT  TO. 


43 

BETTER 

PERFORMANCE. 


10 

SIMPLE  SWAP 
DRIVES. 


27 

SUSE  LINUX 
READY. 


34 

IBM  EXPRESS 
PORTFOLIO.'" 


22 

HIGH,  HIGH  ROI. 


12 

UNBELIEVABLY 
ADVANCED  SYSTEMS 
MANAGEMENT. 


8  DIMM  SLOTS. 


(©  server" 


30 

CHIPKILL"  MEMORY 
OPTIONS. 


48 

EASY  TO 
INSTALL. 


REDHAT  READY. 


58 

POWERFUL 
INTEL”  XEON" 
PROCESSORS. 


7 

OPTIMIZED 
FOR  RACKS. 


21 

LOW,  LOW  TOO. 


60 

ENHANCES 
32-BIT  APRS. 


INCREASED 

PRODUCTIVITY. 


57 

MODULAR 

EXPANSION 

OPTIONS. 


HIGHLY 

AVAILABLE. 


EASY  TO 
MANAGE. 


INTEGRATED 

RAID. 


NEW  LEVELS  OF 

PERFORMANCE 

DENSITY. 


14 

24-HOUR 

REMOTE  SUPPORT. 


3 

THE  X336. 


31 

REMOTE  MANAGEMENT 
FROM  ANYWHERE  ON 
THE  NETWORK. 

9 

FOOTPRINTS 
START  AT  1U  X  27'.' 


64 

MAINFRAME-INSPIRED 

TECHNOLOGIES. 


32 

FOUR  HARD  DRIVES 
IN  A  1U  SERVER. 


4 

THE  X346. 


THE  DS300 STORAGE 
ATTACHMENT. 


45 

HIGHLY  FLEXIBLE. 


6 

THE  DS400 

STORAGE 

ATTACHMENT. 


28 

VIRTUALIZATION 

OPTIONS. 


52 

AFFORDABLE. 


8 

PRICES  START 
AT  $1,179.' 


53 

UP  TO  42  SERVERS  IN 
STANDARD  RACKS. 


59  41 

CREATED  FOR  MORE  JUICE. 

MID-SIZED 

BUSINESSES. 


44 

REMOTE  SERVICING. 


35 

REMOVE  “ADD  AN 
APP,  ADD  A  SERVER” 
FROM  YOUR 
VOCABULARY. 


56 

BUILT  WITH 
YOU  IN  MIND. 


62 

BETTER 

PERFORMANCE  WITH 
NEW  INTEL  XEON 
PROCESSORS. 


18  23 

ULTRA  SCALABLE.  MEMORY 

MIRRORING. 


PLUG  AND 
PLAY. 


XEON 


@ server* 

WHY  IBM? 

The  IBM  eServer™  xSeries®  family  with  Intel  Xeon 
Processor-based  Xtended  Design  Architecture  is 
the  next-generation  architecture  designed,  priced 
and  supported  for  businesses  of  every  size. 

Giving  you  unbelievably  high  performance  at  an 
unbelievably  low  price. 

The  entry-level  x226  is  the  most  affordable  xSeries 
system  in  the  2-way  space.  The  x236  offers 
maximum  internal  scalability  in  an  IBM  industry- 
standard  tower.  Our  x336  gives  you  new  levels  of 
performance  density  in  a  2-way  rack-mounted  system. 
And  the  x346  offers  exceptional  scalability  and 
flexible  growth  in  a  2U  system. 

Of  course,  all  of  these  systems  are  powered  by 
state-of-the-art  64-bit  Intel®  Xeon™  Processors. 

Now  let’s  talk  about  storage  attachments  for  your 
eServer  xSeries  systems.  Let’s  talk  IBM  TotalStorage® 
systems.  The  entry-level  DS300  is  for  businesses  of 
any  size.  Rack-ready,  it’s  designed  to  let  you  pay  as 
you  grow.  The  very  hard  to  outgrow  DS400  is  xSeries 
storage  to  the  max.  Fast,  Expandable.  And  it  scales 
up  to  5.8  terabytes.2  Both  share  reliability  and  data 
protection  features  found  in  IBM  eServer  solutions. 

Now,  what  if  you’re  a  mid-sized  business  with  little  or 
no  IT  staff?  Enter  the  IBM  Express  Portfolio.  All  of  the 
above  xSeries  and  storage  products  offer  Express 
models,  specifically  designed  and  optimized  for  mid¬ 
sized  businesses.  IBM  Express  offerings  are  easy  to 
configure.  Easy  to  install.  Easy  to  manage.  And  easy 
on  the  checkbook. 

IBM  EXPRESS  PORTFOLIO  -  BUILT  FOR  MID-SIZED  BUSINESSES. 

fij|  DEMAND  BUSINESS" 


WHY  64-BIT? 

IBM’s  innovations  are  ideal  complements  for  64-bit 
Intel  Xeon  Processors:  light  path  diagnostics; 
Calibrated  Vectored  Cooling;  remote  monitoring; 

8  DIMM  slots.  We’ve  got  it  all. 

IBM  eServer  xSeries  systems  are  cost-effective  by 
almost  every  measure  of  TCO.  And  almost  every 
measure  of  ROI.  They  fit  in  standard  racks  and  are 
easily  scalable. 

Our  new  Xtended  Design  Architecture  works  with 
your  32-bit  industry-standard  apps.  And  your  new 
64-bit  industry-standard  apps.  And  those  32-bit 
and  64-bit  apps  that  are  still  on  the  drawing  board. 

WHY  NOW? 

This  is  the  future.  This  is  where  developers  are  going. 
Where  the  industry  standard  is  forming.  Where 
business  is  headed. 

The  transition  is  well  under  way.  Above  all,  64-bit 
is  stable.  It’s  reliable.  It’s  powerful.  It’s  fast.  It’s  here. 
And  we’re  paving  the  way. 

Every  64-bit-enabled  xSeries  server  is  designed  to 
have  more  memory,  which  allows  you  to  run  more 
powerful  apps.  And  if  you’re  reticent  about  making 
the  move  to  64-bit,  relax.  Xtended  Design 
Architecture  actually  enhances  your  32-bit  apps,  so 
you  can  do  more  with  what  you  already  have.  Do 
more  now.  Do  more  later.  Do  more  period  with  64-bit 
Intel  Xeon  Processors  and  IBM  Xtended  Design 
Architecture. 

These  servers  and  storage  units  are  designed  with 
one  thing  in  mind -you.  It’s  an  exciting  story.  You 
need  to  learn  more  at  ibm.com/eserver/64reasons 


'IBM  web  price  for  the  xSeries  226  (2.8  Ghz  processor.  512  MB  memory,  80  GB  SATA  HDD),  current  as  of  10/18/04,  and  is  subject  to  change  without  notice.  Starting  price  may  not  include  a  hard  drive, 
operating  system  or  other  features.  Price  does  not  include  tax  or  shipping.  Reseller  prices  may  vary.  See  www.pc.ibm.com/us/eserver/xseries.  IBM  does  not  warrant  non-IBM  products.  Terabyte  equals 
one  trillion  bytes  when  referring  to  total  disk  drive  capacity.  Accessible  capacity  may  be  less.  IBM,  eServer,  the  eServer  logo,  Calibrated  Vectored  Cooling,  ChipKill,  IBM  Express  Portfolio,  Predictive 
Failure  Analysis,  TotalStorage,  xSeries  and  Xtended  Design  Architecture  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other 
countries.  Intel,  Intel  Inside,  the  Intel  Inside  logo  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Linux  is  a 
trademark  of  Linus  Torvalds  in  the  United  States,  other  countries,  or  both.  Microsoft  and  Windows  NT  are  trademarks  of  Microsoft  Corporation  in  the  United  States,  other  countries,  or  both.  Other 
company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©2005  IBM  Corporation.  All  rights  reserved. 
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tuiork  infrastructur 

|j|  Access  routers,  blade  servers,  dual  WAN  routers,  Ethernet  backbone  and  workgroup 
EH  switches,  wireless  network  gear. 


WINNER:  IGM'S  Glad 
Ulith  H55D 


IBM's  BladeCenter  system  earned  big  points  in  our  testing 
because  of  its  unifying  management  tools. 


The  IBM  BladeCenter  is  one  of  an  emerging  group  of 
products  that  have  evolved  to  accommodate  more 
computing  power  inside  shrinking  data  center  spaces. 

These  systems  pull  together  multiple  application 
servers,  network  switching  devices  and  network  stor¬ 
age  appliances  in  a  single,  small  footprint.  And 
BladeCenter  is  accommodating,  more  so  than  the  com¬ 
petitive  server  blade  configurations  we  tested 
(DocFmder  6026). 

When  it  comes  to  raw  Web  and  network  I/O  perfor¬ 
mance  of  the  blade  servers,  IBM’s  BladeCenter  chassis  and  HS20  Blade  Server  combination  stands  on  par  with  compet¬ 
ing  products  from  HP  and  RLX  Technologies.  What  puts  BladeCenter  above  the  rest  is  IBM  Director,  the  most  useful  and 
flexible  management  application  of  the  lot,  says  Thomas  Henderson,  a  Network  World  Lab  Alliance  partner.  Director  sup¬ 
plements  the  functionality  of  the  management  module  blade  that  plugs  into  the  BladeCenter  backbone  and  offers  a  wel¬ 
come  superset  of  functionality  over  those  supplied  in  the  module.  It  can 
help  ease  deployment  and  ongoing  administration  of  the  IBM  blade  system 
in  large  data  centers  and  remote  branch  offices  alike. 

Using  IBM  Director,  you  can  manage  the  BladeCenter  chassis  and  all 
components  including  the  Brocade  Communications  and  QLogic  stor¬ 
age-area  network  (SAN)  and  Cisco  Ethernet  switches  that  slide  into  it.The 
Director  query  process  discovers  each  item  sitting  in  the  chassis,  then 
delivers  information  about  the  devices  to  the  Director  database.  The 
Director  GUI  then  taps  into  that  data  to  help  administrators  manage  the 
components  in  great  detail. 

“Director  is  the  greatest  strength  of  the  IBM  Blade- 
Center  and  was  a  pleasure  to  use,”  Henderson 
notes. 


Dell’s  PowerConnect  6024  Gigabit 
Ethernet  Layer  3,  24-port  switch  earned  a 
Clear  Choice  Award  because  of  its  fine  mix 
of  performance,  features  and  price.  Targeted 
for  data  center  server  connectivity,  wiring 
closet  aggregation  and  core  switching  for 
smaller  networks  or  branch  offices,  this  gear 
features  serious  routing  protocol  support, 
physical  redundancy,  QoS  and  access  con¬ 
trol  lists,  all  for  about  $3,500  (DocFinder: 
6039). 

Extreme  Networks’  Summit  400-48t 

earned  its  finalist  spot  because  it  pushes  the 
bar  on  gigabit  to  the  desktop.  The  switch’s 
high  port  density,  rich  feature  set  and  good 
performance  make  it  a  strong  candidate  for 
network  managers  looking  to  add  capacity 
to  their  wiring  closets  (DocFinder:  6041). 

HP’s  BL20p  G2  Blade  Server  and  BLSOp 
Blade  placed  a  strong  second  in  our  test  of 
server  blade  combinations.  The  blade 
server,  which  posted  strong  individual 
blade  performances,  features  many  con¬ 
figuration  and  management  tools  for  man¬ 
aging  the  server  blades,  and  a  number  of 
other  network  and  storage  switches  you 
can  plug  into  the  6U  server  chassis 
(DocFinder:  6040). 


PRODUCT  MASTERMIND 

THE  MAN:  Dhruv  Desai,  distinguished 
engineer 

JOB  DUTIES:  He  acts  as  lead  system 
architect  for  BladeCenter. 

FAVORITE  FEATURE:  BladeCenter’s  ability  to 
integrate  storage,  networking  and  KVM/manage- 
ment  switching  inside  the  chassis,  which  means  faster 
deployment  times,  fewer  cables,  lower  cost  and  easier  management. 


UPDATE 

THE  PRODUCT:  Since  our  August 
test,  IBM  has  become  even  more 
accommodating  with  its  Blade- 
Center  system,  bringing  InfiniBand 
switching  into  its  chassis  via  a  part¬ 
nership  with  Topspin  Communica¬ 
tions  and  supporting  Layer  2-7 
switching  through  a  deal  with 
Nortel.  IBM  also  has  opened  its 
technical  specification  to  partners 
wanting  to  design  blades  for  plug¬ 
ging  into  BladeCenter. 

Additionally,  IBM  has  tailored  its 
longtime  UpdateXpress  utility  —  a 
simple  tool  that  helps  push  out 
server  BIOS  and  code  updates  to  its 
devices  —  so  it  can  be  used  to 
update  all  portions  of  the  Blade- 
Center,  including  server  blades, 
expansion  cards  and  management, 
storage  and  Ethernet  switch  mod¬ 
ules.  And,  to  let  more  legacy  appli¬ 
cations  run  on  blade  form  factors, 
IBM  released  a  PCI  Expansion  Unit 
that  lets  customers  install  two  tra¬ 
ditional  PC  cards  into  the  same 
blade. 

In  October,  IBM  rolled  out  a  new 
HS20  800  blade  that  supports  a  64- 
bit  Intel  configuration  featuring 
the  Nocona  processor  and  new 
small  form  factor  SCSI  hard  disk 
drives  for  greater  performance 
and  capacity.  At  the  same  time, 
IBM  introduced  the  JS20  PowerPC 
blade  to  the  BladeCenter  family. 
This  lets  Unix  and  Linux  applica¬ 
tions  run  side  by  side  with 
Windows  programs. 


We've  already  published  results  of  the  industry's  first-ever  voice-over-WLAN  gear  test  as 
our  early  2005  testing  lineup  (DocFinder:  6027).  On  tap  for  later  this  year  are  comparative  te-Lh 
new  10G  bit/sec  Ethernet  backbone  and  workgroup  switch/routers,  a  test  of  available  phpdtibN 
the  emerging  XML  router  space  and  our  ongoing  series  of  server  hardware  tests. 
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Desktop  and  client  management  suites,  network  analysis  tools,  network  configuration  management  products, 
network  modeling  wares,  network  performance  analysis  software,  WAN/bandwidth  management  products. 
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WINNER:  • 


With  two  products  in  distinct  categories  separated  by  only  0.02  points  on  the 
score  chart, we  had  to  declare  a  tie.Opnet’s  IT  Guru  10.5  and  Rendition  Networks’ 
TrueControl  3.0  both  deserve  Best  of  the  Tests  distinction  in  network  manage¬ 
ment.  IT  Guru  10.5  took  the  Clear  Choice  Award  in  our  recent  network  modeling 
tools  test  with  an  extremely  impressive  4.85,  while  TrueControl  scored  an  equally 
remarkable  4.83  in  our  test  of  network  configuration  tools. 


IT  Guru 

Network-modeling  tools  let  designers  or  operators  test  changes  to  network 
topology  before  they  get  implemented  in  a  production  network.  Lab  Alliance 
member  Jeffrey  Fritz  found  IT  Guru  to  be  the  most  accomplished  of  the  tested 
products,  as  it  could  scale  easily  to  accommodate  just  about  any  production 
enterprise  network  and  offers  powerful  tools  for  analyzing  network  issues. 

The  key  for  network  modeling  is  the  ability  to  match  the  generated  network 


model  map  to  the  real  network  topology  Events  such  as  link  failure,  link  changes, 
device  failures,  load  changes,  route  changes  and  link  overloading  should  be  as 
accurate  as  possible.  IT  Guru  handled  these  with  aplomb  —  it  could  implement 
changes  on  the  fly,  and  we  could  modify  factors  such  as  Open  Shortest  Bath  First 
link  costs  and  OSPF  timers  and  see  results  immediately. 

IT  Guru, a  Best  of  the  Tests  winner  last  year  for  9.0,  is  flexible,  scalable  and 
highly  customizable.  From  a  GUI,  users  can  drag  and  drop  several  kinds  of  net¬ 
work  topologies,  creating  a  product  that  is  sophisticated,  powerful  and  com¬ 
plex.  During  testing,  we  found  ourselves  overwhelmed  (in  a  good  way)  by  its 
rich  features  and  complexity  (DocFinder:  6042). 


TrueControl 

The  new  network  configuration  management  market  consists  of  systems  that 
correctly  establish  the  existing  configuration  of  a  network, support  a  multi-ven- 


It® 


In  our  test  of  AlterFoint’s  Device  Authority 
Suite,  we  found  the  DeviceAuthority  Server  was 
the  most  important  part.  The  server  provides  ser¬ 
vices  such  as  user  credential  management,  device 
version  control  and  backup,  and  scheduling.  We 
liked  how  the  system  could  auto-discover  each 
and  every  device  on  our  network,  and  it  had  no 
problem  correctly  identifying  and  backing  up  con¬ 
figurations  from  mainstream  Cisco  devices 
(DocFinder:  6044). 

Dorado  Software’s  RedCell  is  an  integrated 
suite  of  products  that  allows  extensive  discovery 
and  management  of  network  configurations.  We 
liked  how  easy  the  system  was  to  stop  and  re¬ 
start,  either  through  the  command  line  or  an  icon 
in  the  system  tray.  The  system  could  accurately 
ping  and  discover  all  the  devices  in  our  test  net¬ 
work,  and  pick  up  our  Cisco  components.  RedCell 
was  a  powerful  system,  chock  full  of  features 
(DocFinder:  6048). 

We  found  the  Feribit  Networks  SR-100  WAN  link 

compression  appliance  a  great  device  for  increas¬ 
ing  network  bandwidth  without  buying  more 
capacity.  The  SR-100  scored  well  for  its  amazingly 
flexible  scalability,  a  high  degree  of  reliability,  and 


quick  and  painless  installation.  One  impressive 
feature  was  the  device’s  ability  to  compress  data 
at  one  end  of  a  link  and  fluff  it  back  up  at  the 
other  end  (DocFinder:  6047). 

Shunra  Software’s  Shiutra/Storm  Version  3.1 

for  network  modeling  offers  an  impressive  real¬ 
time  simulator  and  excellent  ability  to  model 
WAN  links.  We  also  enjoyed  Shunra’s  use  of 
Microsoft  Visio  as  its  user  interface,  and  we  liked 
the  tool’s  ability  to  show  us  how  applications  and 
networks  could  be  affected  by  bandwidth  throt¬ 
tling,  link  limitations,  packet  delays  and  jitter 
(DocFinder:  6050). 

Sourcefire’s  Real-time  Network  Awareness 
Sensor  2000  is  like  a  magic  eye  that  watches 
everything  happening  on  your  network.  It  com¬ 
bines  passive  network  analysis  with  a  Web-based 
management  system,  delivering  a  powerful  tool  to 
IT  personnel  who  need  more  information  about 
their  networks.  The  information  it  obtained  from 
our  test  network  was  quite  accurate,  providing 
excellent  application  identification  (including 
finding  obscure  mail  servers  on  non-standard 
ports).  We  liked  how  it  gave  us  instant  visibility 
into  hosts,  services  and  flows  on  our  network, 
without  any  effect  on  the  hosts  or  network 
(DocFinder:  6049). 


Tripwire’s  Tripwire  for  Network  Devices 

builds  on  the  company’s  file  integrity  assurance 
product,  but  goes  further  by  incorporating  sup¬ 
port  for  network  devices.  We  liked  its  built-in  log 
viewer  for  isolating  errors  and  its  direct  hooks  for 
many  major  network  management  frameworks, 
including  Computer  Associates  Unicenter,  HP 
OpenView  and  IBM  Tivoli.  Another  noteworthy 
point  is  that  the  company  claims  to  support  more 
than  100,000  devices  (DocFinder:  6046). 

Voyence’s  VoyenceControl  veered  a  bit  from  the 
network  configuration  norm.  Voyence  sends  cus¬ 
tomers  a  proof-of-concept  document  to  gather  as 
much  information  as  possible  about  the  network 
before  shipping  and  installing  its  product. 
Customers  then  can  have  Voyence  provide  the 
hardware  (loaded  with  VoyenceControl  software), 
or  Voyence  can  install  on-site  with  customer-pur- 
chased  hardware.  We  gave  the  system  high  marks 
for  its  superb  mix  of  simplicity  and  functionality. 

It  had  an  easy-to-understand  GUI  for  discovery 
and  management  of  network  devices,  and  we  eas¬ 
ily  could  view  data  gathered  from  the  devices. 
VoyenceControl  also  had  a  unique  integration 
with  MapQuest  that  can  generate  logical  and  geo¬ 
graphical  maps  from  where  your  network  devices 
are  located  (DocFinder:  6045). 
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dor  network  infrastructure, let  administra¬ 
tors  make  one-time  changes  or  automat¬ 
ed  changes  based  on  policies,  cooperate 
with  current  network  management  and 
security  systems,  and  provide  data 
through  a  good  management  console, 

TrueControl  (renamed  Opsware  Net¬ 
work  Automation  System  with  the 
Opsware  acquisition  of  Rendition)  won 
for  providing  a  wealth  of  detailed  infor¬ 
mation  and  a  robust  search  capability 
and  security  model,  and  for  a  great  mix 
of  compliance-detection  and  top-notch 
reporting  capabilities. 

TrueControl  provided  excellent  search, 
auditing  and  report  capabilities,  with 
devices,  modules,  configurations,  tasks,  ses¬ 
sions  and  events  all  checkable  against 
specified  criteria.  It  made  changes  to  the 
start-up  and  running  configurations  of  our 
network  devices.  Groups  of  equipment 
could  be  created  to  monitor  and  change 
configuration  on  a  more  easily  managed 
basis.  The  system  could  deploy  user  and 
SNMP  passwords,  which  eases  a  once- 
arduous  task  (DocFinder:  6043). 
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Opnet’s  IT  Guru 
10.5  provides  a 
great,  scalable 
model  for  tracking 
network  topology. 

We  were  impressed 
with  Rendition’s 

TrueControl  out¬ 
standing  search 
capabilities. 
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We’ve  plenty  of  tests  to  consider  in  the  network  management  area,  as  always.  We  plan  on  eXamfphlgr : 
WAN  link  management,  bandwidth  management,  application  performance  monitoring  and  yariisii  ^ 
other  enterprise  network  monitoring  and  analysis  tools.  We  also  plan  to  revisit  IP  address  rhanagfeM;, 
ment  tools.  ;  c 
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THE  MAN:  Eric  Johnson,  CTO  at  Rendition, vice  president  of  engineering  at  Opsware 
FAVORITE  FEATURE:  “Real-time  Change  Direction.This  was  one  of  our  early  innovative  features 
and  helped  set  the  tone  for  the  emerging  network  configuration  control  category  Periodic  polling 
just  isn’t  enough  any  more.To  get  real  operational  value, you  need  real-time  information.  Real-time 
change  detection  has  been  fundamental  to  many  of  the  other  critical  product  features,  such  as  pol¬ 
icy  assurance,  compliance  reporting  and  access  control  list  management.” 
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PRODUCT  MASTERMINDS 


THE  MAN:  Alain  Cohen,  president  and  CTO,  Opnet  Technologies 

FAVORITE  FEATURE:  “My  favorite  feature  is  what  we  think  of  as  ‘operational  modeling.’  Users 
can  use  IT  Guru  models  to  do  predictive  planning  and  also  to  manage  their  production  infra¬ 
structure.  For  example,  users  can  troubleshoot  application  performance  with  captured  traffic, 
then  use  the  samples  to  plan  new  app  deployments.  Or  they  can  do  a  network 
audit  for  compliance  and  security  analysis,  then  use  the  captured  informa¬ 
tion  to  model  capacity’ 


UPDATE 

Opnet 

THE  PRODUCT:  IT  Guru 
11.0,  which  became  general¬ 
ly  available  in  December 
2004,  adds  an  open  product 
architecture  that  supports  several  new  third- 
party  integrations  and  enables  capacity  plan¬ 
ning  for  distributed  systems  and  mainframe 
environments.  System  workload  and  perfor¬ 
mance  information  now  can  be  imported 
from  tools  by  BMC  Software,  Concord 
Communications,  HP,  IBM  and  NetlQ,  and 
from  XML,  Opnet  says. 

THE  COMPANY:  In  October  2004,  Opnet  ac¬ 
quired  all  assets  of  Altaworks,  including  two 
commercially  available  software  products. 
Through  the  acquisition,  Opnet  gains  ad¬ 
vanced  correlation  and  analysis  technologies. 

Rendition/Opsware 

THE  PRODUCT:  TrueControl/Opsware  Network 
Automation  System  has  gone  through  a  num¬ 
ber  of  revisions  since  our  test.  In  June  2004, 
Version  3.1  added  ScriptMaster  Technology, 
which  lets  companies  leverage  the  expertise  of 
advanced  engineers  by  automatically  convert¬ 
ing  sessions  and  commands  they  issue  into 
error-free  scripts  that  can  be  used  to  manage 
thousands  of  devices  at  once.  In  October,  the 
3.2  version  added  SecurlD  and  TACACS  authen¬ 
tication  integration,  giving  TrueControl 
stronger  two-factor  authentication  capabilities, 
and  a  Compliance  Center.  This  latter  was 
designed  to  provide  out-of-the-box  compliance 
evidence  generation  for  Sarbanes-Oxley  and  IT 
best  practices  frameworks.  Version  4.0,  due 
this  quarter,  will  add  workflow  and  approvals 
features,  so  organizations  can  manage 
approval  for  device  changes,  chain  tasks  into 
multitask  jobs  and  manage  draft  tasks.  Other 
features  include  ACL  management,  SingleView 
and  SingleSearch  (one  central  location  from 
which  to  obtain  information  on  network 
devices,  increasing  the  visibility  to  changes  for 
improving  compliance),  and  an  improved  user 
interface  (designed  around  task-based  work- 
flow). 

THE  COMPANY:  The  acquisition  of  Rendition 
by  Opsware,  announced  in  December,  closed 
this  month. 
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Authentication  servers,  intrusion-prevention  systems,  IPSec  VPNs,  security  appliances,  SSL  VPNs 


•*«  a 

-»**•>  *i .---->  .<  -  «■«•»**»•* *  **«»*«<•.>*»***#*•***  »»«»»•• 

-  i  -  .a.'  <•*»<•>  -  ■  ^>icre>n  u.«*4«jMn*f9. 

'  . . .  .  --------- 


■t  ««««•*«' 


mmm* 

•  ■i4C4d4t**«»44f»e<M*«l 

_ . «••»•••••«•«•••**«•»«••« »••••*« 
OC  •  «?*«  «••*••«*»»*•*••««•+•»•  «««■•** 

mm  mm  4 


|  WINNER:  Junipi 


a  *=- 


r 

(n 

Hi T SCHt CM 

.-SAsoon 

The  NetScreen-SA  5000  SSL  VPN  gateway  landed  in  the  winners’  cir¬ 
cle  because  of  its  outstanding  application  support  and  strong  access 
control  mechanisms. 


St: 


The  point  of  an  SSL  VPN  is  to  give  users  easy 
remote  access  to  all  the  applications  they  know 
and  love. 

In  our  first  test  of  these  gateway  products, 

NetScreen  (Juniper  bought  NetScreen  Technol¬ 
ogies  after  we  tested  the  product)  narrowly  edged 
out  the  Nokia  Secure  Access  System  to  top  the  list 
of  the  seven  SSL  VPN  gateways  tested  (DocFinder: 

6051).  Based  on  testing  completed  by  Network 

World  Lab  Alliance  member  Joel  Snyder,  the  NetScreen  device  garnered  the  win  based  on  high  overall  interoperability 
results,  good  access  control  mechanisms  and  outstanding  application  support. 

On  the  latter,  the  NetScreen-SA  5000  offered  a  strong  mix  of  application  translation,  terminal  emulation, port  forwarding 
and  network  extension  and  application  layer  gateway  mechanisms  to  let  users  tap  into  a  number  of  network  programs 
over  an  SSL  link.  In  all,  we  tested  NetScreen’s  interoperability  against  20  enterprise  applications.  NetScreen  hit  the  inter¬ 
operability  mark  on  100%  of  the  basic  Web-based  programs  and  78%  of  the 
file  service-based  applications  tested.  In  addition,  NetScreen  offers  quite  a 
few  “thin-client”  options  to  support  cross-platform  users. 

In  terms  of  controlling  access,  the  NetScreen  box  has  strong  Lightweight 
Directory  Access  Protocol  directory  and  RADIUS  server  connections,  offers 
an  innovative  mail  pass-through  authentication  feature  and  gives  an  admin¬ 
istrator  good  control  over  SSL  security  settings. 


Because  our  assumption  for  testing  SSL 
VPNs  early  last  year  was  that  they  must  fit 
into  existing  networks,  determining  which 
one  is  best  for  your  network  truly  does 
depend  on  your  environment. 

To  that  end,  you  can  use  our  security  infra¬ 
structure  finalists  on  a  short  list  of  products 
that  deserve  a  closer  comparison  against 
your  specific  requirements. 

FS  Networks’  FirePass  Controller  4000 
makes  the  short  list  because  of  the  broad 
range  of  applications  and  authentication 
methods  it  supports,  its  delegated  manage¬ 
ment  and  outstanding  reporting/logging  fea¬ 
tures,  and  its  virus-scanning  features. 

The  Nokia  Secure  Access  System  earned 
its  finalist  spot  because  it  offers  outstanding 
fine-grained  access  control,  very  good 
authentication  support  including  certificates 
and  group-mapping  features  and  smart 
break-in/evasion  features. 

The  Symantec  Clientless  VPN  Gateway 
offers  an  excellent  access  control  model 
and  configurability,  and  its  real-time  status 
and  management  tools  are  well  done 
(DocFinder:  6051). 


PRODUCT  MASTERMIND 

THE  WOMAN:  Vivian  Ganitsky, product  director 
JOB  DUTIES:  She  manages  the  team 
responsible  for  setting  the  strategy  for  new 
security  enterprise  products  and  driving 
products’  life  cycle  from  definition  to 
launch,  deployment  and  customer  support. 

FAVORITE  FEATURE:  “My  favorite  feature  is 
dynamic  access  privilege  management,  par¬ 
ticularly  the  value  that  we  bring  to  customers  [when  this  feature  is] 
combined  with  our  endpoint  security  capabilities.” 


UPDATE 

THE  PRODUCT:  Just  after  we 
tested  the  SA-5000,  NetScreen 
upgraded  the  product  to  provide 
a  host  of  new  access  privilege 
management  features,  stream¬ 
lined  administration  capabilities, 
detailed  role-based  delegation  of 
management  tasks  and  a  highly 
customizable  user  interface.  At 
the  same  time,  NetScreen  rolled 
out  NetScreen  Secure  Access 
Central  Manager,  a  unified  policy 
and  configuration  management 
product  for  centrally  controlling 
multiple  SSL  gateways. 

Since  finalizing  the  NetScreen 
acquisition  in  April,  Juniper  has 
added  Security  Assertion  Markup 
Language  support  and  single 
sign-on  capabilities  to  its  SSL 
VPN  products.  In  a  December 
point  release,  it  added  Korean 
and  Spanish  language  ties,  provi¬ 
sioning  tools,  integration  with 
Citrix,  secure  online  meeting  and 
Microsoft  Outlook  calendaring 
applications. 

THE  COMPANY:  Juniper’s  $4  bil¬ 
lion  stock  buyout  of  NetScreen 
was  pretty  much  the  big  news. 
However,  the  company  also 
announced  its  Juniper  Endpoint 
Defense  Initiative  (yes,  it  uses 
JEDI  as  the  acronym)  to  help  tie 
its  products  to  the  emerging 
class  of  endpoint  security  prod¬ 
ucts  from  Sygate  Technologies, 
Symantec  and  WholeSecurity. 
Juniper  also  reported  picking  up 
big  customer  wins  with  the 
European  Investment  Bank,  Legal 
Services  for  New  York  City  and 
Baoviet  Insurance. 
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This  year  we  will  tackle  the  prickly  issue  of  measuring  performance  of  IPSs  and  test  advances  in  SSL 
VPN  wares.  Additionally,  we’ll  test  anomaly  detection-based  intrusion-detection  systems  and  all-in- 
one  security  appliances. 
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WHO 


YOURS  ? 


OPNET’s  NetDoctor  provides  configuration 
integrity  checks  and  security  audits  for 
multi-vendor  networks,  including  switches 
and  routers,  IP,  OSPF,  BGP,  MPLS,  HSRP, 
VLANs,  security  protocols  (AAA,  TACACS, 
etc.),  and  more. 


NetDoctor’s  extensive  rule  suites  are  open,  so 
you  can  incorporate  your  own  configuration  best 
practices.  “  ,  > 


OPNET  products  provide  advanced  analytics 
for  networks,  systems,  and  applications. 

The  world’s  most  successful  organizations 
rely  on  OPNET,  including  financial  services 
firms,  government  agencies,  telecommunications 
providers,  energy  companies,  retail  businesses,  and 
manufacturers. 


Making  Networks  and  Applications  Perform™ 


OPNET 


www.opnet.com 

OPNET  Technologies,  Inc. 

7255  Woodmont  Avenue,  Bethesda,  Maryland  20814  USA  •  phone:  +1-240-497-3000  •  fax:  +1-240-497-3001  •  e-mail:  info@opnet.com  NASDAQ:  OPNT 

©  2005  OPNET  Technologies.  Inc.  All  rights  reserved.  OPNET  is  a  registered  trademark  of  OPNET  Technologies,  Inc.  NetDoctor  is  a  trademark  of  OPNET  Technologies,  Inc.  All  other  trademarks  are  the  property  of  their  respective  owners 
OPNET  NetDoctor  and  IT  Sentinel  vll.O  have  been  tested  in  accordance  with  interoperability  criteria  set  by  Cisco  Systems.  Inc.  and  are  compatible  with  the  Cisco  IOS  versions  10.0  and  above.  For  full  disclaimer,  see  OPNET ‘s  product  documentation. 
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icus  on  products  that  supply  client  security  for  mobile  devices.  Other  security  manage- 
is  we  pJan  tQ  address  include  patch  management,  anti-phishing  and  vulnerability  alerting 
nder;  6080)\Ybisyear,  ourcoverage  of  the  NetWorld+Interop  iLabs  testing  will  hone  in  on 
80 2.1  X  for  managing  secure  accessin  wired  and  wireless  networks. 
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Anti-spy  software,  anti-virus  management  software,  endpoint  security  tools,  patch  management  wares,  policy  auditing 

and  compliance  software,  security  event  management  products,  Secure  Shell  management  servers,  vulnerability  assess- 
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ment  and  management  products. 
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N>>  PREVENTSYS 


The  Preventsys  system  reins  in  security  compliance  headaches 
with  its  configurability,  reporting  and  remediation  facilities. 


You  can’t  do  much  better  than  this. 

This  Preventsys  product  has  the  distinction  of 
being  one  of  the  highest  scorers  —  posting  a  4.9 
out  of  a  possible  five  points  —  ever  in  a  Network 
World  test  (DocFinder:  6052). 

The  Network  Audit  and  Policy  Assurance  System 
(renamed  Preventsys  Policy  and  Regulatory  Com¬ 
pliance  module  in  a  September  upgrade)  slides 

into  the  overall  Preventsys  Enterprise  Security  System.The  module  looks  for  systems  that  are  out  of  compliance  by  com¬ 
paring  the  results  of  vulnerability-assessment  scans,  collected  from  a  variety  of  sources,  against  defined  security  policy. 

Network  World  Lab  Alliance  member  Mandy  Andress  gave  Preventsys  high  points  across  the  board  for  its  elastic  con¬ 
figurability  its  ability  to  tap  into  existing  policy  standards  and  to  create  new  standards,  its  plethora  of  reporting  options 
and  its  expanding  remediation  measures. 

Andress  contends  this  security  management  tool  could  be  just  what  the  doctor  ordered  to  help  corporations  deal 

with  the  Health  Insuarance  Portability  and  Accountability  Act  (HIPAA) 
and  Sarbanes-Oxley  (SOX)  compliance  regulations. 

The  module  has  a  pretty  hefty  price  tag  —  starting  at  $65,000  for  the  first 
1 ,000  nodes  and  ranging  to  $375,000  for  20,000  nodes.  But  Preventsys  has 
included  a  feature  that  could  help  turn  cost  justification  into  a  non-issue. 
This  integrated  feature  calculates  the  financial  risk  should  any  of  the  sys¬ 
tems  it  finds  vulnerable  be  compromised. 


Configuresoft’s  Enterprise  Configur¬ 
ation  Manager  Version  4.5.2  won  Clear 
Choice  honors  as  one  of  the  best  Windows¬ 
centric  programs  we’ve  tested  for  helping 
to  configure  desktop  and  server  systems 
securely.  Specifically,  the  product  earned 
accolades  for  its  intuitive  interface,  great 
flexibility  and  automatic  compliance  func¬ 
tionality  (DocFinder:  6053). 

EEye  Digital  Security’s  Blink  1.0,  a 
brand-new  product,  swept  the  competition 
in  our  first-ever  test  of  endpoint  security 
products.  It  earned  top  honors  based  on  its 
solid  reporting  and  its  hybrid  approach  to 
client  defense  (DocFinder:  6054). 

Lockdown  Networks’  Lockdown  Auditor 
3.0  was  a  top  performer  in  our  vulnerability 
management  test  because  of  its  easy  to 
drive  front  end,  intuitive  workflow  system 
and  excellent  vulnerability  notification 
capability.  However,  network-scanning 
capabilities  need  some  upgrading 
(DocFinder:  6055). 

NCircle  Network  Security’s  IP360 
Vulnerability  Management  System  earned 
high  honors  in  our  vulnerability  assessment 

See  Finalists,  page  56 


PRODUCT  MASTERMIND 

THE  MAN:  Patrick  Ravenel,  senior  vice  presi¬ 
dent,  engineering 

JOB  DUTIES:  Manages  the  technical  direc¬ 
tion  of  Preventsys  products  and  services 
and  drives  technology  initiatives. 

FAVORITE  FEATURE:  “Our  programmable 
correlation  and  analysis  engine  —  the  SMART 
Engine  —  is  at  the  heart  of  both  our  threat 
exposure  and  policy  compliance  analysis  func¬ 
tions.  It  correlates  the  results  of  tens  of  thousands  of  dis¬ 
parate  network  and  vulnerability  tests  together  dynamically  without  relying 
on  hard-coded  mapping  like  security  event  management  products.” 
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UPDATE 

THE  PRODUCT:  Along  with  its  newly 
named  product,  Preventsys  now 
ships  updated  NIST  and  NSA  configu¬ 
ration  standards,  and  new  SOX, 
HIPAA,  F1SMA  and  GLBA,  FF1EC  and 
NERC  controls  and  rules.  It  also  has 
spiffed  up  reporting,  now  offering 
additional  compliance  reports,  com¬ 
parative  reporting  and  an  updated 
policy  recommendation  engine. 

Additionally,  the  system  now  ships 
with  new  connectors  to  network  scan¬ 
ners  including  Internet  Security 
Systems  SiteProtector,  Qualys  Qualys- 
Guard  and  Preventsys  Network 
Architecture  Assessor  and  the  appli¬ 
cation  scanner  AppDetective  from 
Application  Security,  Preventsys’  own 
Wi-Fi  and  Windows  registry  scanners, 
Cisco  Security  Agent  software  and  any 
IDS  based  on  open  source  Snort  code. 

Finally,  Preventsys  has  built  a  new 
Preemptive  Threat  Defense  module 
that  plugs  into  its  overall  system.  It 
takes  data  from  the  scans,  correlates 
the  information,  prioritizes  mitigation 
tasks  and  automates  security  remedi¬ 
ation  activities  to  eliminate  the  root 
cause  of  exposure. 

THE  COMPANY:  In  February  2004, 
Preventsys  closed  $3  million  in  Series 
B  funding  and  hired  Tom  Rowley,  for¬ 
mer  cofounder  and  CEO  of  Counter¬ 
pane  Internet  Security,  as  CEO.  In 
May,  Alex  Lazar,  formerly  program 
director  for  security  at  IBM,  joined  as 
vice  president  of  sales.  In  July,  Pre¬ 
ventsys  announced  a  formal  partner¬ 
ship  with  SAIC  to  better  service  gov¬ 
ernment  customers,  and  in  Sep¬ 
tember  it  launched  a  new  partner 
program.  Customer  wins  include 
Bacardi,  Qualcomm  and  St.  John 
Health  System. 


continue  our  testing  of  tools  that,  help  IT  lock  down  distributed  client  machines.  One  endpoint 
rity  test  will  focus  on  products  that  help  set  and  enforce  policy  regarding  what  programs  the  sys- 
trying  to  connect  to  the  network  must  --  or  must  not  —  have  installed  to  gain  access.  A  second 
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wireless  networks. 
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Were  this  a  fine  German  car, 
you  would  ask  for  a  test  drive 
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You  admire  precision  engineering  and  seek  out 
maximum  performance.  You  want  the  best.  Presenting 
the  E-Series  from  ForcelO  Networks:  The  first  resilient 
switch/router  to  deliver  672  line-rate  Gigabit  Ethernet 
or  56  line-rate  10  Gigabit  Ethernet  ports  per  chassis  — 
more  than  twice  the  capacity  of  our  competitors. 
That's  Terabit  performance. 


Based  on  ForcelO's  revolutionary  TeraScale  '  technology, 
the  E-Series  delivers  industry-best  metrics  in  density, 
throughput,  resiliency  and  security.  The  advanced 
architecture  of  the  E-Series  ensures  predictable 
performance  with  traffic-variation  dampening,  .  . 

provides  control  plane  resiliency  to  prevent  .  ■amntmii 
DoS  attacks,  and  supports  line-rate,  real-time 

Iff'i 

security  filters  lor  high  pertormance  security.  i 


To  test  drive  the  E-Series  in  your 
network,  contact  us  at  1-866-600-5100 
or  visit  www.force10networks.comt 


independent  tcraScale  lest  results  from  The  Tolly  Group,  visit  www.forccOOnetworks.com  .  ‘p,'6 
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and  ease  of  use  make  it  a  strong  tool 
for  automating  security  compliance 
reviews  in  an  enterprise  network 
(DocFinder:  6057). 

Qualys’  QualysGuard  3.3  —  a  ser¬ 
vice  offering  —  collected  the  Clear 
Choice  honors  in  our  vulnerability 
management  test  for  accurately  tack¬ 
ling  the  nuts  and  bolts  of  network 
scanning  and  offering  the  necessary 
vulnerability  management  wares  that 
are  pushing  this  class  of  products  for¬ 
ward  (DocFinder:  6058). 

SSH  Communications’  Teetia  Client 
and  Server  Version  4.0,  the  compa¬ 
ny’s  upgraded  Secure  Shell  client  and 
server  combination,  is  easy  to  use; 
provides  convenient,  restartable  file 
transfers;  and  offers  more  GUI  fea¬ 
tures  than  competing  commercial  and 
open  source  SSH  implementations 
(DocFinder:  6059). 

Tech  Assist’s  Omniqnad  AntiSpy 
Enterprise  Edition  earned  its  spot  as 
a  finalist  because  it  pinpointed  all  of 
the  spyware  we  threw  at  it  during 
testing.  Plus,  the  software  provides 
good  central  control  of  companywide 
spyware  scans  (DocFinder:  6060). 

Visionael’s  Enterprise  Security 
Protector  provides  some  of  the  best 
vulnerability  management  functional¬ 
ity  we  saw  in  our  testing  of  these 
products.  One  reason  is  Visionael 
uses  the  Nessus  open  source  scan¬ 
ning  tool  as  its  underlying  scanning 
engine,  thereby  focusing  develop¬ 
ment  efforts  on  vulnerability  manage¬ 
ment  functionality. 

For  example,  this  product  provides  a 
customizable  portal  for  viewing  infor¬ 
mation  on  identified  vulnerabilities, 
current  risk  level,  trending  and 
troubleticket  status  (DocFinder:  6061). 

Webroot  Software’s  Spy  Sweeper 
Enterprise  1.5  earned  a  Clear  Choice 
Award  as  the  best  anti-spyware  tool  in 
our  tests.  It  contained  the  most  spy- 
ware  definitions,  gave  us  excellent 
control  over  its  client  agents  from  a 
central  console,  ran  quickly  and  unob¬ 
trusively,  had  an  intuitive  user  inter¬ 
face  and  displayed  useful  activity 
reports  (DocFinder:  6062). 


systems  based  on  a  predefined  set  of 
rules,  letting  organizations  easily  iden¬ 
tify  computers  and  other  devices  that 
do  not  conform  to  a  defined  corpo¬ 
rate  security  policy. 

This  agentless  product’s  flexibility 


Finalists 

continued  from  page  54 

and  management  test  for  providing 
the  best  business  impact  and  risk-rat¬ 
ing  features  of  the  eight  products  test¬ 
ed.  It  offers  unparalleled  levels  of 


J 

detail  on  what  it  might  cost  your  com¬ 
pany  if  holes  aren’t  patched  and 
resources  become  compromised 
(DocFinder:  6056). 

Pedestal  Software’s  Security- 
Expressions  3.1  audits  networked 


©2005  Ipswitch,  Inc.  All  product  names  are  the  property  of  their  respective  owners. 


Ipswitch  Collaboration  Suite,  the  solution  for  small 
and  mid-sized  business  collaboration  that  just  works. 
Use  Microsoft® Outlook®  or  your  browserto  connect 
to  a  powerful  industry-leading  messaging  server.  Communicate  in  real  time  with  anyone 
in  your  company  using  secure  instant  messaging.  Streamline  group  collaboration  with 
shared  calendars  and  free-busy  meeting  scheduling.  Reduce  junk  e-mail  and  stop 
viruses.  All  this,  and  Ipswitch  Collaboration  Suite  is  easy  to  install,  manage  and  use. 
Play  it  “safe"  like  Frank.  Or  be  smart.  Go  to  www.ipswitch.com  and  find  success 
with  Ipswitch  Collaboration  Suite. 


cQ 


IPSWITCH"" 


Collaboration  Suite 


I  convinced  my  boss  to  get 
this  big  honkin’  collaboration 
infrastructure  only  a  genius 
like  me  could  ever  use. 
Check  it  out  on  my  blog 
at  www.frankwillis.com 

Frank  Willis 


■  Smart 


■  Proven 


■  Reliable 


■  60  million 

mailboxes  worldwide 
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Director-class  multi-protocol  switches, 
workgroup  switches,  disaster-recovery  tools. 


pp.  .....  ♦#•••♦♦ 

<**•»  >»*«**  *  ‘ 


**«44*t«**M*t 


W*<  *i  »»»».*••  4  »  V  #*••••••<*•«  I  M««  •«  »»C  ««*>•«•(-  «<■«••••••  •••••«•■•  **■••«**»»•«  •  •**«»•  »»••••«•  o 

•  i  !  •  ->«»««•  - 

»«•»«*  ft*  f.  .  • 

0«>«t«4*««k.‘>'lt1O«l»A4««|C«(|«»*«4»r»>4««4  «»••»«  »*•»•••«••*•«»•*•••••****••  »•««»•••  «* *4 «•*»«> »••«••« 

►4«4C»3(<l»»ft***»*»*e*«*#*»*4*«»»4*»***#«e**««**«4****«**«***M»*»M*««***MM«# 

•  -»««  *  *■*  -9  *♦  *««*«**«•  «•••**»•••«  #«  ••*••'>*•  •«»•«*«*  »*•«*»«*»«»*  •«»•••»»•« 

»««»••  #4  »•»«»•  9*  •  (?%#•*•  •«•«•*««*••••»»•»••»»••• 

■I  #4#..  i-#-  »«««»  *<t  <4194  *«  ►  *«•«••»•«*  4»««  ft 

T»»<~  ••»••*  «»•<•»«*••««  »*0  *«*»»&•»•«*•  *•*•«««  »««••••*• 

J.  /•  f  *•  «■  **♦  V  4  •  •♦*<-«»«  t  *  *  O  ««»"»•»•  4  •«•»»•••  »*-•« 

.-i-i - | - ‘ - “*****' 


WINNER: 


The  Fabric  Manager 
GUI  for  the  MDS  9509 

offers  an  extensive 

range  of  useful  switch  configuration  capabilities, 
including  a  copy-and-paste  feature  that  simplifies 
setting  up  multiple  boxes. 


The  Cisco  MDS  9509  is  a  repeat  offender,  but  we  mean  that  in  the 
nicest  of  ways.  For  the  second  year  running,  this  director-class  stor¬ 
age  switch  (packed  with  1 12  ports  of  2G  bit/sec  Fibre  Channel)  has 
captured  the  top  pick  in  this  category  for  its  combination  of  innov¬ 
ative  features,  strong  performance  and  fantastic  management  wares 
(DocFinder:  6063). 

“While  we  can’t  call  it  perfect,  we  can  say  it’s  the  [director-class 
SAN  switch]  the  competition  has  to  beat,”  wrote  Edwin  Mier,  a 
Network  World  Lab  Alliance  member.  We  retested  the  MDS  9509  in 

what  we  had  expected  to  be  a  comparative  test  with  like  models  from  competitors  Brocade  and  McData,  but  those  two  com¬ 
panies  declined  to  participate. 

The  9509  supports  up  to  seven  hot-swappable  line  cards  that  can  be  any  mixture  of  16-  or  32-port,  2G  bit/sec  Fibre  Channel 
Switching  Modules.  An  eight-port  Gigabit  Ethernet  IP  Storage  Module  lets  users  directly  integrate  popular  storage-over-IP  con¬ 
nections  with  the  Fibre  Channel  fabric.  The  Cisco  switch  delivers  the  survivability  users  expect  at  the  core  of  their  SAN  fabric: 

redundant,  hot-swappable  management/fabric-control  cards  and  power  supplies. 

The  Cisco  Fabric  Manager  GUI  offers  an  extensive  range  of  useful  configuration 
capabilities.  But  most  impressive  is  the  copy-and-paste  configuration,  which  lets 
the  user  select  any  configured  switch  and  apply  all  the  same  settings  to  any  other 
switch. The  Fabric  Manager  also  can  readily  push  new  software  images  onto  one 
or  a  group  of  switches. 

Cisco  also  offers  its  proprietary  storage  equivalent  to  virtual  LANs,  called  VSANs, 
which  separates  groups  of  polls  into  discrete  “virtual  fabrics.”  This  isolates  each 
VSAN  group  from  the  disruptive  effects  of  fabric  reconvergence  that  might  occur 
in  another  VSAN.  And,  as  with  VLANs,  routing  is  used  to  forward  frames  between 
initiator  and  target  (SAN  source  and  destination)  pairs  in  different  VSANs. 

PRODUCT  MASTERMIND 

THE  MAN:  Luca  Cafiero,  general  manager  of  the  Data 
Center,  Switching  and  Wireless  Technologies  Group 
JOB  DUTIES:  Cafiero  led  the  design  concept,  engi¬ 
neering  and  other  product  development  aspects 
since  the  inception  of  the  MDS  9000  in  January 
2001.  He  is  now  the  general  manager  of  the  technol¬ 
ogy  group  that  manufactures  and  markets  the  MDS 
9000  SAN  switches. 

FAVORITE  FEATURE: “Virtual  SANs, because  it  was  the  first  feature 
of  its  kind  for  the  storage  industry  It  has  revolutionized  how  SAN  administrators 
design,  build  and  manage  their  storage  networks.  If  imitation  is  indeed  the  sheer¬ 
est  form  of  flattery  VSANs  have  truly  been  well  accepted  given  the  number  of  me- 
too  features  from  other  vendors.” 


Lefthand  Networks’  SAN/iQ  Software,  NSI 
Software’s  Double-Take  for  Windows  and 
XOSoft’s  WANSync  HA  Exchange  all  pulled  in 
high  marks  in  our  test  of  disaster-recovery 
tools  specifically  geared  for  Microsoft 
Exchange  networks. 

Lefthand  Networks’  SAN/iQ  Software  pro¬ 
vided  the  full-meal  deal  for  this  test  in  the 
form  of  a  SAN  running  its  SAN/iQ  Remote  IP 
Copy  application.  The  disaster-recovery 
tools  are  tightly  integrated  with  the  supplied 
storage  gear,  the  system  is  very  manageable, 
and  it  affords  fast  data  replication 
(DocFinder:  6064). 

NSI  Software’s  Double-Take  for  Windows 

offered  a  great  management  console  and 
posted  a  strong  finish  in  our  data  availability 
tests. 

XOSoft’s  WANSync  HA  Exchange  earned  its 
spot  on  the  finalist  list  because  it  adapted 
quickly  to  our  setup,  presented  clear 
Exchange  installation-specific  options,  and 
required  no  subsequent  intervention  to 
complete  the  processes  of  failover  detec¬ 
tion,  failover  and  bringing  our 
hotsite/back-up  site  online. 
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UPDATE 

THE  PRODUCT:  Since  testing 
last  May,  Cisco  has  upgraded 
its  MDS  9509  to  support  hard¬ 
ware  IPSec  encryption  for 
Fibre  Channel  over  IP  and 
iSCSI,  hardware  compression 
for  more  efficient  transport  of 
storage  traffic  and  tape  accel¬ 
eration,  which  improves  the 
performance  of  and  extends 
distances  for  remote  backups. 
Cisco  also  has  extended  buffer 
credits  to  up  to  3,500  per  port, 
a  development  that  lets  the 
MDS  9509  extend  Fibre 
Channel  traffic  natively  over 
dark  fiber  or  over  SONET/syn- 
chronous  digital  hierarchy  net¬ 
work  links.  Practically  speak¬ 
ing,  storage  administrators 
now  can  send  Fibre  Channel 
frames  up  to  about  2,175  miles 
from  one  data  center  to  anoth¬ 
er  using  this  capability. 

On  the  management  front, 
Cisco  offers  its  SAN  Extension 
Tuner,  which  helps  storage  ad¬ 
ministrators  fine-tune  traffic 
when  sending  and  receiving 
storage  traffic  over  long  dis¬ 
tances.  Lastly,  Cisco  intro¬ 
duced  SANTap,  a  protocol- 
based  interface  that  lets 
appliance-based  storage 
applications  run  over  highly 
available,  high-performance 
MDS  9000  fabrics. 

THE  COMPANY:  Cisco  intro¬ 
duced  Storage  Specialization, 
a  training  and  certification 
program  aimed  to  help  quali¬ 
fied  reseller  partners  better 
understand  the  key  features 
and  benefits  of  the  MDS  9000 
platform.  Cisco  also  intro¬ 
duced  a  storage  network- 
focused  version  of  its  Cisco 
Certified  Internetworking 
Expert  program. 


This  year  we  are  working  to  get  Brocade  and  McData  to  submit  director-class  switches  for  testing. 
Additionally,  we  are  working  on  a  test  of  storage  management  software,  plan  on  giving  iSCSI  storage 
gear  a  turn  in  the  labs  and  plan  to  test  more  continuous  protection  products  in  a  variety  of  applica¬ 
tion  scenarios. 
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Trust  us,  it's  an  unbelievable  number.  '  - 

But  how  do  you  get  enterprise-class  security  without  blowing  your  budget?  SonicWALL®  has  the  answer. 

We  take  state-of-the-art  network  security  and  make  it  simple,  reliable  and  affordable.  So  you  can  feel  secure. 


Take  our  Gateway  Anti-Virus/Intrusion  Prevention  Solution.  It's  real  network  security  that  delivers  intelligent, 
real-time  protection  against  the  most  sophisticated  new  viruses,  spyware  and  network  intrusions.  It  combines  a 
powerful,  deep  packet  inspection  engine  with  a  continuously  updated  database  of  the  latest  attack  signatures. 
Comprehensive  security  in  an  affordable,  usable  package— that's  the  SonicWALL  answer. 


Take  the  guesswork  out  of  network  security.  For  more  details  on  our  Gateway  Anti-Virus,  Anti-Spyware,  Intrusion 
Prevention  and  other  dynamic  threat  management  solutions  visit  www.sonicwall.com/home/gav.asp  or  call 
us  at  1.888.557.6642. 


Around  the  clock ,  around  the  world,  and  around  the  Web- 

SonicWALL  is  there  for  you. 
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Web  application  firewalls,  Web  application  monitoring  tools,  Web  front-end  devices. 
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The  Teros  Secure  Application  Gateway  100SSL  helps  lock  out 
unwanted  intruders  looking  to  compromise  Web  content  without 
affecting  performance. 


We  picked  the  Teros  Secure  Application  Gateway  100SSL 
as  a  winner  because  it’s  got  both  security  and  style. 

When  we  tested  this  product  last  spring,  Network  World 
Lab  Alliance  member  Thomas  Fbwell  noted  this  Web 
application  firewall  appliance  offers  a  “a  nice  blend  of 
positive  and  negative  firewall  model  features  that  should 
be  capable  of  protecting  all  but  the  most  sensitive  appli¬ 
cations.”  Specifically  we  found  the  Teros  100  capable  of  detecting  and  blocking  all  the  common  Web  site  attacks  including 
forceful  browsing,  SQL  injection,  form-field  tampering,  cookie  tampering  and  cross-site  scripting  (DocFinder:6065). 

This  product  firmly  embraces  the  notion  of  federated  management  roles. The  Teros  management  tools  allow  for  a  clear  divi¬ 
sion  between  tasks  that  a  device  administrator  needs  to  handle  and  tasks  over  which  an  application  administrator  must  have 
purview. “This  approach  to  management  makes  Teros  ideally  suited  for  multisite,  hosted  environments  or  a  largescale  corpo¬ 
ration  with  multiple  sites  and  owners”  Fbwell  said. 

On  top  of  its  solid  security  infrastructure,  the  Teros  100  sports  a  highly  polished  Web-based  interface  and  offers  a  number  of 

features  that  address  content  integrity  and  performance. 

Another  particularly  positive  aspect  is  that  the  Teros  box  addresses  the  unthinkable  —  a 
site  or  application  breach.  A  variety  of  features  help  mitigate  the  fallout  from  potential 
intrusions  or  site  errors.  To  thwart  site  defacement,  the  device  can  checksum  static  pages 
and  prevent  delivery  if  they’ve  been  modified. 

The  Teros  device  also  lets  you  filter  pages  for  specific  words  and  offers  some  built-in  fil¬ 
ters  to  protect  against  illicitly  placed  information.The  device  can  detect  for  common  data 
formats  such  as  credit  card  or  Social  Security  numbers. 

The  Teros  100  has  built-in  acceleration  features,  including  HTTP  encoding  using  the  gzip 
open  source  data  compression  tool,  SSL  acceleration  and  connection  offloading.  Given 
that  application  security  checks  will  add  overhead  to  site  response  times,  these  efforts  to 
mitigate  the  issue  are  nice  to  see. 


Redline  Networks’  EIX  3250  was 

the  top  performer  in  our  inaugural 
tests  of  Web  front-end  devices,  new 
appliances  that  sit  in  front  of  Web 
server  farms  and  use  a  variety  of 
techniques  to  help  deal  with  grow¬ 
ing  traffic  and  security  concerns 
The  Redline  E I X  3250  excelled  in 
our  compression  and  TCP  offload 
tests,  and  addressed  important 
Web  application  compatibility 
details.  Additionally,  Redline’s  pow¬ 
erful  OverDrive  technology  allows 
highly  customizable  rewriting  of 
inbound  and  outbound  data,  which 
can  be  used  to  improve  security, 
make  sites  more  adaptable  to 
changes  and  even  improve  perfor¬ 
mance  (DocFinder:  6066). 


PRODUCT  MASTERMIND 

THE  MAN:  Abhishek  Chauhan,  co-founder  and  CTO 
JOB  DUTIES:  Leads  technology  and  product  strategy 
direction  and  development  for  all  Teros’  Application 
Security  Appliances. 

FAVORITE  FEATURE:  Business  Object  Protection.The  abili¬ 
ty  of  the  Teros  Gateway  to  identify  and  block  user-defined 
confidential  business  objects  (for  example,  credit  card,  Social 
Security  and  bank  account  numbers)  in  Web  server  responses.  The 
Teros  Gateway  then  can  remove  or  mask  the  information  in  Web  server  responses. 


UPDATE 

THE  PRODUCT:  Since  we  tested 
the  Teros  Secure  Application 
Gateway  100SSL  Version  3.1  last 
spring,  Teros  has  added  sup¬ 
port  for  identity  and  access 
management  features.  Specific¬ 
ally,  Teros  has  partnered  with 
Computer  Associates’  Nete- 
grity  division  to  provide  links  to 
its  SiteMinder  single  sign-on 
product,  which  prevents  users 
authenticated  by  SiteMinder 
from  exploiting  vulnerabilities 
in  application  code  during  a 
SiteMinder  session.  Teros  also 
has  introduced  anti-fraud  capa¬ 
bilities  and  has  streamlined  its 
security  policy  configuration 
processes  for  the  products. 

Additionally,  Teros  intro¬ 
duced  the  FireLine  Web  appli¬ 
cation  gateway  for  midmarket 
companies.  FireLine  features  a 
streamlined  user  interface  that 
enables  a  one-hour  deploy¬ 
ment. 

THE  COMPANY:  Teros  picked  up 
two  executives  —  Dave  Jevans, 
founder  and  chairman  of  the 
Anti-Phishing  Working  Group, 
as  marketing  vice  president, 
and  longtime  sales  executive 
Bill  Moore,  most  recently  exec¬ 
utive  vice  president  of  sales 
and  services  for  Primus  Know¬ 
ledge  Solutions,  as  head  of 
global  sales.  The  company  has 
become  widely  known  as  a 
leader  in  the  rapidly  growing 
application  security  firewall 
market. 
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We  will  continue  our  first-of-its-kind  testing  track  on  the  emerging  Web  front-end  device  market,  this  time 
pushing  these  boxes  to  their  performance  limits.  We  also  are  working  on  a  comparative  test  of  Web  moni¬ 
toring  tools  and  will  test  some  of  the  more  unique  Web  site  usability  assessment  tools. 
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Middleware  is  Everywhere 


MIDDLEWARE  IS  IBM  SOFTWARE.  Powerful  WebSphere 
software.  It’s  the  strong,  seamless  bond  that  can  unite  your 
business, vendors,  partners  and  customers.  Adynamic  link 
designed  to  make  your  entire  organization  more  efficient. 
More  responsive.  More  flexible.  On  demand.  WebSphere 
connects  processes,  with  open  standards.  And  it’s  easy 
to  manage,  too.  So  all  involved  get  a  better  night’s  sleep. 


1.  Guest  checked  in  wirelessly. 

2.  Staff  queries  guest  preferences. 

3.  Vendor  services  integrate  seamlessly. 

4.  Supplies  are  procured  automatically. 

5.  Repeat  customers  increase  profits. 


Middleware  for  the  on  demand  world.  Learn  more  at  ibm.com/middleware/process  [jjjj  DEMAND  BUSINESS 


WebSphere 
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Location-based  security  systems  for  WLANs,  mobile  middleware, 
WLAN  management  and  monitoring. 
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WLANs  are  at  a  crossroads,  as  many  companies 
have  made  their  infrastructure  decisions  and  now 
desperately  need  tools  and  services  to  help  man¬ 
age,  control  or  secure  these  new  networks.  To  that 
end,  we  focused  the  bulk  of  our  testing  on  a  variety 
of  new  WLAN  management  and  monitoring  tools 
aiming  to  do  just  that. 

While  a  number  of  strong  contenders  populated 
that  wireless  arena  (see  “Finalists,”  this  page),  we 
give  our  Best  of  the  Tests  Award  in  this  category  to 
Aligo’s  Omni  Mobile  platform.  This  mobile  middle¬ 
ware  helps  you  take  applications  and  make  them 
ready  for  mobile  devices  (any  device,  on  any  net¬ 
work). 


The  nod  goes  to  Aligo  because  of  its  outstanding 
performance  in  our  testing  and  its  overall  push  to 
move  mobile  networking  to  a  higher  level.  After  all, 
having  a  new  WLAN  in  place  and  a  bunch  of  new 
devices  in  your  users’  hands  doesn’t  help  move  the 
company’s  bottom  line  if  you  can’t  access  your  busi¬ 
ness  applications  with  those  new  devices  or  across 
these  new  networks. 

Lab  Alliance  member  Barry  Nance  found  that 
Aligo’s  Omni  Mobile  Platform  had  the  best  environ¬ 
ment  for  building,  _ 

deploying  and  manag¬ 
ing  mobile  applications 
(DocFinder:  6067).  The 


system  supports  virtually  every  type  of  wireless  hand¬ 
held  device,  running  —  by  virtue  of  its  Java  applica¬ 
tion  server  architecture  —  on  many  platforms. 

It  has  a  visual  design  environment  that  made 
building  and  reviewing  the  design  of  mobile  appli¬ 
cations  a  breeze.  Imagine  an  IBM  WebSphere  or 
BEA  Systems  WebLogic  environment  especially 
geared  to  wireless  handheld  clients,  add  a  visual 
design  development  tool  and  voila!  You  have  Omni 
Mobile  Platform. 
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AirMagnet  continues  to  amaze  and  surprise  us  with  its  products,  and 
AirMagnet  Distributed  4.0  version  of  its  WLAN  management  suite  was  no  dif¬ 
ferent.  AirMagnet  uses  a  combination  of  proprietary  access  points  and  note- 
book-based  sensors  to  help  assess  an  802.1  la,  b  or  g  area.  The  product  has  an 
outstanding  GUI  and  covers  several  802.11-specific  problem  areas,  such  as 
detecting  rogue  access  points,  interference  issues,  conversion  errors  (an 
802.1  lg  access  point  not  transitioning  to  802.11b),  and  finding  access  points 
that  have  gone  offline  and  need  to  be  rebooted,  for  maintaining  a  dispersed 
WLAN  (DocFinder:  6068). 

Extended  Systems’  OneBridge  Mobile  Solutions  Platform,  another  mobile 
middleware  entrant,  won  plaudits  in  our  testing  for  having  excellent  device 
support  and  a  scalable,  server-neutral  platform.  We  also  liked  the  product’s 
facilitated  discovery  process,  which  helps  companies  that  are  just  beginning 
to  mobilize  their  applications.  The  product  makes  sure  you  thoroughly  con¬ 
template  the  effect  on  each  individual  application  data  item  as  it  transitions 
between  connected  and  disconnected  states  (DocFinder:  6070). 

Newbury  Networks’  Watchdog  could  fit  well  into  the  security  category,  as 
the  main  purpose  of  the  system  is  to  help  prevent  unauthorized  WLAN  users 
from  using  your  network.  The  system  uses  Newbury’s  outstanding  location- 
based  technology  to  pinpoint  where  WLAN 
requests  are  coming  from,  and  then  can 
“block  off”  areas  where  only  authorized 
users  can  connect.  This  is  like  building  an 
invisible  fence  for  your  WLAN,  and  only 
those  users  who  are  inside  the  “fence”  can 
work.  Neat  stuff  (DocFinder:  6069). 
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Aligo’s  Omni  Mobile  Platform  has  a  visual  design 
environment  that  generates  code. 

UPDATE 

THE  PRODUCT:  Aligo  has  not  released  any  new  product  updates  or 
enhancements  since  we  tested  the  Omni  Mobile  Platform  early  last  year. 

THE  COMPANY:  Aligo  last  month  announced  the  completion  of  its  acquisi¬ 
tion  of  H2  Technologies,  a  developer  of  service  management,  dispatching 
and  mobile  field  service  software.  With  the  acquisition,  Aligo  grew  its  cus¬ 
tomer  base  to  more  than  1,200  and  improved  channel  relationships,  the 
company  says.  John  McCarthy,  former  H2  CEO,  becomes  vice  president  of 
sales  for  Aligo.  Also  in  January,  the  company  named  Emerick  Woods,  most 
recently  a  venture  capitalist,  as  its  new  CEO.  Woods  replaces  Robert  Smith, 
who  left  the  company. 


■es  is  that  all  the  innovations  are  first  handled  by  the 
.sHpre-802.11n,  a/b/g  infrastructures).  Still,  we  plan  to 


el  back  to  testing  infrastructure  in  the  wireless  space  in  2005,  tackling  the  new  wireless  mesh 
achnologies  or  even  some  WiMAX  systprtfs^d  hip  re  wireless  performance  testing.  WLAN  moni- 
ing,  also  high  on  our  list  of  test  subjects. 
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George  is  secure  in  his  information  workplace 
k  (and  he’s  not  afraid  to  show  it.) 


Worrying  about  viruses  and  unwanted  content  can  hold  you  back.  That’s  why  thousands  of 
companies  across  the  globe  -  from  Fortune  1 00  organizations  to  small  businesses  -  rely  on 
Sybari  to  secure  their  information  workplaces,  including  e-mail,  instant  messaging,  and 
document  sharing. 

Our  unique  solutions  use  multiple  virus  scanning  engines  and  industry-leading  antispam  and 
content-filtering  technologies  to  stop  threats  before  they  stop  your  business.  Make  the  move 
to  Sybari...  and  experience  the  freedom  of  security  and  productivity. 


Sybari 

SECURING  THE  INFORMATION  WORKPLACE 


To  learn  more, 

visit  www.sybari.com/wss05 
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Four  special  Clear  Choice 
Tests  push  the  limits  of  what 
products  can  do. 
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BY  CHRISTINE  BURNS 

the  majority  of  Network  World  Clear  Choice  Tests, 
the  bottom  line  is  a  firm  recommendation  of 
which  comparable  product  offers  the  top  perfor¬ 
mance,  the  best  management  wares  and  the  most 
useful  feature  set.  But  in  some  test  cases,  the  question  of  which  product 
is  best  is  better  answered  with  “it  depends”  —  it  depends  on  the  tech¬ 
nology  it  depends  on  your  network,  it  depends  on  your  users’  require¬ 
ments,  and  it  depends  on  your  budget. 

In  2004,  four  tests  fell  into  that  category  In  these  tests,  we  examined  a  new 
breed  of  intrusion-prevention  system  GPS);  delved  into  the  security  of  two  VoIP 
configurations;  completed  a  survey  of  where  wireless  gear  stands  up  and  falls 
down  on  security;  and  put  a  record-breaking  number  of  anti-spam  software, 
appliance  and  service  products  through  the  wringer.  Because  of  the  nature  of 
these  tests,  naming  absolute  winners  wasn’t  possible.  But  that’s  not  to  say  that 
some  of  these  products  aren’t  worthy  for  this  year’s  Best  Products  portfolio. 

IPS  In  the  Wild' 

For  our  first-ever  “In  the  Wild”  IPS  test  last  February,  we  spent  five  months  test¬ 
ing  1 1  products  on  a  live  distributed  network  (www.nwfusion.com,  DocFmder 
6071). We  examined  what  these  products  could  detect,  how  powerful  and  flex¬ 
ible  they  were  in  blocking  traffic,  and  how  their  management  systems  support¬ 
ed  real  network  topologies. 

In  our  test,  conducted  in  concert  by  Lab  Alliance  members  David  Newman, 
Joel  Snyder  and  Rodney  Thayer,  Top  Layer  Networks’  Attack  Mitigator  IPS  100 
and  Captus  Networks’  Captus  IPS  4100XT  got  top  ratings  among  rate-based  IPS 
products,  which  block  traffic  based  on  load.  With  a  clear  focus  on  the  problem 
of  denial  of  service  and  distributed  DoS  attacks,  Top  Layer  brings  together  all 
the  tools  needed  to  protect  against  the  widest  variety  of  intentional  and  unin¬ 
tentional  problems. Captus’  product  had  an  astonishing  level  of  detail  and  con¬ 
trol  when  it  comes  to  managing  packet  flows. 

For  content-based  IPS  products,  which  block  traffic  based  on  attack  signa¬ 
tures  and  protocol  anomalies,  the  short  list  comprises  TippingPoint 
Technologies’  UnityOne-200  Intrusion  Prevention  Appliance,  Internet  Security 
Systems’  (ISS)  Proventia  G200  and  NetScreen  Technologies’  (now  Juniper’s) 
NetScreen-IDP  100. 

With  a  clear  interest  in  core-of-the-network  implementation,  UnityOne  offers 
a  good  base  for  a  simple  IPS.TippingFbint  —  recently  bought  by  3Com  —  did¬ 
n’t  stand  out  with  flashy  features,  but  the  architecture  of  the  product  and  the 
capabilities  it  did  offer  make  it  worth  watching. _ 

NetScreen’s  implementation  stood  out  for  its 
rule-based  configuration  that  makes  tuning  easy, 
its  well-thought-out  policy  settings  and  its  honey- 
pot  and  high-availability  features.  Likewise,  ISS’ 
inclusion  of  full  intrusion-detection  system, 
excellent  forensics  tools  and  a  nicely  designed 
attack  reaction  policy  shows  a  serious  under¬ 
standing  of  what  an  IPS  should  do. 


|||  Testing  the  VoIP  security  waters 

Will  security  issues  be  the  death  of  VoIP?  That’s 
the  underlying  question  we  posed  in  our  indus¬ 
try-first  test  of  VoIP  security  implementations.  We 
had  testers  inside  and  outside  of  these  networks 
trying  to  get  to  the  packets  on  the  wire. 
(DocFmder:  6072). 

Only  Cisco  and  Avaya  stepped  up  to  the  chal¬ 


lenge.  The  objective  was  to  disrupt  phone  communications. Via  the  data  and  IP 
phone  connections,  the  attack  team  used  scanning  tools  and  other  techniques 
to  see  and  learn  what  they  could  of  the  topology  After  discerning  and  identify¬ 
ing  “targets,”  the  hackers  then  systematically  launched  dozens  of  attacks,  at  times 
in  combinations  concurrently 

Cisco  came  out  the  big  winner  in  this  test,  proving  it  could  build  a  VoIP  net¬ 
work  —  comprising  its  IP  PBX  and  CallManager  Software  plus  $80,000  worth  of 
Layer  2/3  networking  and  security  gear  —  that  a  sophisticated  hacker  assault 
team  could  not  break  or  even  noticeably  disturb.  The  elaborate  IP  telephony 
package  —  with  underlying  Layer  2/3  infrastructure  and  assorted  security  add¬ 
ons  —  is  the  most  secure  that  Ciscc/s  collective  network  security  expertise 
could  muster,  employing  every  defensive  weapon  in  the  Cisco  arsenal.  And  it 
worked.  After  three  days,  the  attack  team  could  not  find  a  perceptible  disrup¬ 
tion  to  phone  communications. 

Cracking  the  wireless  security  code 

To  get  a  good  handle  on  whether  or  not  you  can  deploy  a  secure  WLAN,  we 
assembled  23  products  from  17  vendors  and  ran  them  through  a  battery  of 
standards-based  and  brute  force  tests  (DocFmder:  6073). 

When  the  dust  settled  in  the  labs  of  testing  partners  Snyder  and  Thayer,  we 
made  some  picks  based  solely  on  the  products’  security  parameters.  On  the 
client  side,  they  recommended  wireless  network  interface  cards  from  3Com 
and  Cisco  because  they  offer  a  range  of  security  options,  don’t  have  broken 
Wired  Equivalent  Privacy  (WEP)  implementations  and  offer  a  clear  direction 
toward  802. 1 1  i,  the  most  secure  of  the  proposed  wireless  security  mechanisms. 

For  access  points,  the  decision  is  tougher.  3Com  and  SMC  Networks  passed  all 
our  tests,  but  we  also  feel  that  Cisco,  HP  and  Proxim  —  which  failed  the  WEP 
tests  —  should  be  on  any  short  list  because  of  the  additional  security  features 
they  offer.  Even  Compex,with  its  small  office/home  office  access  point,  had  the 
ability  to  switch  users  to  different  virtual  LANs, which  is  a  great  security  feature. 

For  wireless  switches,  we  recommend  the  Aruba  Wireless  Networks,  Aire- 
space  (recently  bought  by  Cisco)  and  Trapeze  Networks  boxes,  again,  based 
on  the  variety  of  options  offered.  In  corporations,  these  products  will  provide 
more  security  than  any  of  the  static  access  points  tested. 

Over  the  top  anti-spam  testing 

What  do  you  get  when  you  cross  36  anti-spam  products  with  a  10,000-mes¬ 
sage  live  data  stream?  In  an  environment  where  spam  comprises  as  much  as 
75%  of  all  email,  a  whole  lot  of  data. 

All  36  software,  appliance  and  servicebased  products  underwent  the  first 

round  of  tests  where  we  measured  for  spam  catch 
rate  (including  falsepositive  and  falsenegative 
rates),  and  performance  and  throughput  con¬ 
ducted  by  Snyder  (DocFinder:  6074).  From  that 
field,  we  felt  any  product  with  a  greater-than-90% 
spam  catch  rate  and  lower-than-1  %  falsepositive 
rate  warranted  a  closer  examination  (DocFinder: 
6075). 

Our  short  list  included:  services  from  Postini, 
Advascan  and  Mycom;  appliances  from  Border- 
Ware,  CipherTrust,  Barracuda  and  Messaging 
Architects;  software  packages  tested  on  Unix  from 
Sophos,  Proofpoint  and  Cloudmark;  and  software 
bundles  tested  on  Windows  from  Symantec  and 
MailFrontier. 

As  Synder  noted, “It’s  not  a  question  of  better  or 
worse.  It’s  more  a  question  of  what  solves  your 
problem  best.”  ■ 
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odney  Thayer,  member  of  the  Network  World  Lab  Alliance,  is  a  big 
believer  in  using  open  source  tools  when  simulating  enterprise  envi¬ 
ronments  for  testing  purposes.  “I  dispute  vigorously  the  claim  some 
vendors  make  that  using  open  source  tools  is  not  production-grade 
testing.  [They]  bury  open  source  technology  in  their  products,  some 
even  without  attribution,”  says  Thayer,  who  is  an  independent  net¬ 
work  security  consultant.  “They  can’t  tell  me  that  [a  tool  like] 
OpenSSL  is  not  good  enough  to  test  against  when  they  are  simulta¬ 
neously  claiming  it’s  good  enough  to  sell  to  me.” 

Thayer  and  fellow  Lab  Alliance  partners  Mandy  Andress,  president 
of  ArcSec  Technologies;  John  Bass,  technical  director  at  Centennial 
Networking  Lab;  Thomas  Henderson,  principal  researcher,  Extreme- 
Labs;  David  Newman,  president  of  Network  Test;  and  Thomas  Powell, 
founder  of  PINT;  recently  told  us  which  open  source  tools  they  find 
most  helpful  when  conducting  tests. 


TOOLS:  AirJack  and  File2Air 
SOURCE:  sourceforge.net 

What  do  they  do?  AirJack  is  a  device  driver  for  802.11  raw  frame 
injection  and  reception,  and  File2Air  puts  the  AirJack  contents  on  the 
wireless  network. 

Who  likes  them  and  why?  Wireless  testing  guru  Henderson  relies  on 
these  two  tools  regularly  “File2Air  allows  us  to  develop  802.11  packet 
types  and  insert  them  into  AirJack  wireless  LAN  client  drivers,”  he  says. 
“We  can  test  how  an  access  point  reacts  and  also  get  a  good  view  on 
access  points  from  how  they  react  to  differing  streams.  We  also  use 
File2Air  to  emulate  error  conditions  and  perform  denial-of-service  simu¬ 
lations.” 


I  dispute  .vigorously 
the  claim  some 
vendors  make  that 
using  open  source 
tools  is  not  produc¬ 
tion-grade  testing. 

RODNEY  THAYER 


TOOL:  Ethereal 
SOURCE:  www.ethereal.com 

What  does  it  cfo? This  network  protocol  analyzer,  which  runs  on  Unix, 
Linux  and  Windows  systems,  can  dissect  more  than  650  protocols  (for  a 
list  of  the  protocols,  visit  www.ethereal.eom/introduction.html#features). 

With  Ethereal,  users  can  access  live  network  data 
or  view,  edit  and  save  data-captured  files. 

Who  likes  It,  and  why?  Ethereal  gets  high 
marks  from  Newman  and  Andress  for  supporting 
an  array  of  network  devices,  running  on  many  plat¬ 
forms,  and  being  easily  extensible  and  easy  to  use. 
“It’s  got  the  best  interface  and  the  most  options 
available,” says  Andress,  adding  that  her  favorite  fea¬ 
ture  is  the  ability  to  monitor  traffic  at  the  packet 
level  so  she  can  watch  specific  communications 
while  ignoring  others. 


TOOL:  Fedora  Core 
SOURCE:  fedora.redhat.com 

What  does  it  do?  Fedora  Core  comes  out  of  the 
Fedora  Project,  a  Red  Hat-sponsored  effort  to  build 
a  complete,  general-purpose  operating  system 
from  free  software.  Red  Hat  engineers  and  devel¬ 


opers  from  the  open  source  community  at  large  create  new  releases. 

Who  likes  it,  and  why? Thayer  and  Andress  favor  this  tool  but  employ 
different  versions.  Thayer  likes  Red  Hat  Fedora  Core  1  (now  known  as 
Fedora  Legacy),  but  recommends  skipping  the  “flaky”  Fedora  Core  2. 
Fedora  Core  3,  the  latest  installment  of  the  operating  system,  gets  Andress’ 
vote.  “Red  Hat  is  the  most-used  Linux  system  in  enterprise  systems,  and 
[Fedora  Core  3]  is  developed  off  the  base  of  that,”  she  says.That  gets  test¬ 
ing  very  close  to  a  commercial  Linux  environment  without  the  expense, 
she  explains. 

TOOL:  Firefox,  with  LiveHTTPHeaders  and  Web  Developer 
Extension 

SOURCE:  www.mozilla.org 

What  does  it  do? This  Web  browser  features  pop-up  blocking,  tabbed 
browsing,  Active  X  control  bans  and  an  intelligent  search  engine. 

Who  likes  It,  and  why?  Web  site  developer  Powell  sees  Firefox  catch¬ 
ing  on  as  an  open  source  alternative  to  Microsoft’s  Internet  Explorer.  He 
adds  testing  panache  to  the  browser  via  the  LiveHTTPHeaders  and  the 
Web  Developer  Extension  add-ons.  The  LiveHTTPHeaders  help  users 
debug  Web  applications,  see  which  kind  of  Web  server  a  remote  site  is 
using,  and  view  cookies  sent  by  the  remote  site.  The  Web  Developer 
Extension  simply  adds  a  menu  and  toolbar  to  the  browser  with  critical 
Web  development  tools  that  let  you  validate  the  CSS,  HTML  and  accessi¬ 
bility  of  Web  pages.The  Web  Developer  Extension  also  lets  you  make  live 
edits  to  CSS  pages,  and  configure  Web  site  colors,  create  keyboard  short¬ 
cuts  and  view  style  information  for  page  elements. 

TOOL:  Iperf 

SOURCE:  dast.nlanr.net 

What  does  it  do?  Analyzes  network  bandwidth  and  comes  in  handy 
for  determining  how  adjustments  to  TCP  and  User  Datagram  Protocol 

See  Open  source,  page  68 


Six  Network  World  Lab  Alliance  members  praise  the 
open  source  testing  tools  they  love  to  use. 
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(UDP)  parameters,  such  as  win¬ 
dow  size,  bandwidth  and  time  to 
live,  would  affect  network  performance. 

Who  likes  it,  and  why?  Bass  calls  Iperf  “a  must-have 
for  measuring  link  capacity  latency  and  packet  loss.” 

TOOL:  Kismet 

SOURCE:  www.kismetwireless.net 

What  does  it  do?  Available  for  PCs  and  Macs, 
Kismet  is  a  WLAN  security  assessment  tool  that  works 
with  802.11  a/b/g  for  network  detection,  intrusion 
detection  and  sniffing. 

Who  likes  it,  and  why?  Kismet  is  important  for 
finding  wireless  networks,  offering  up  details  about 
those  networks  and  trying  to  crack  Wired  Equivalent 
Privacy  keys,  Newman  says. 

TOOL:  Multi  Router  Traffic  Grapher  (MRTG) 
SOURCE:  www.mrtg.org 
What  does  it  do?  Monitors  traffic  loads  on  net¬ 
work  links  and  creates  a  live  visual  representation  of 
this  traffic  via  HTML;  can  test  system  load,  logon  ses¬ 
sions  and  modem  availability  MRTG,  based  on  Perl 
and  C,  can  operate  in  a  Unix  or  Windows  environ¬ 
ment. 

Who  likes  it,  and  why?  Bass  recommends  MRTG 
as  “a  time  series  data  grapher  that’s  great  for  monitor¬ 
ing  network  link  utilization  or  anything  that  has  data 
that  changes  over  time.” 

TOOL:  Netperf 
SOURCE:  www.netperf.org 

What  does  it  do?  This  benchmarking  tool  lets  IT 
managers  test  for  unidirectional  throughput  and  end- 
to-end  latency  in  TCP  UDR  Unix  and  other  environ¬ 
ments.  Its  primary  focus  is  on  bulk  data  transfer  and 
request/response  performance. 

Who  likes  it,  and  why?  Newman  calls  Netperf  “a 
simple  and  powerful  PC-based  traffic  generator.” 

TOOL:  Nmap 

SOURCE:  www.insecure.org 

What  does  it  do?  As  the  name  suggests,  Nmap 
maps  out  available  hosts,  the  services  those  hosts  are 
offering  and  what  operating  systems  are  in  use.  Nmap 
also  determines  what  types  of  filters  or  firewalls  are 
employed. 


Who  likes  it,  and  why?  Several  Lab 
Alliance  partners  count  Nmap  among 
their  favorite  open  source  wares  for  its 
ability  to  rapidly  scan  large  networks  or 
single  hosts.  Andress  uses  the  tool  to  con¬ 
firm  services  running  on  a  system,  while 
Henderson  considers  it  a  standard  audit¬ 
ing  tool  for  verifying  configurations  and 
to  help  assure  operating  system/network¬ 
ing  operating  system  protocol  types.  “It 
runs  on  a  variety  of  platforms  and  is  an 
older  and  mature  open  source  project,” 
he  says. 

“Anyone  should  be  able  to  run  it  and 
see  decent  results, "Thayer  adds. 

TOOL:  Nessus 
SOURCE:  www.nessus.org 

What  does  it  do?  One  of  the  most 
popular  open  source  testing  tools,  this 
vulnerability  scanning  tool  matches 
results  against  a  massive  database  of 
security  holes.  An  RSS  feed  lets  users 
monitor  security  checks  and  updates. 
Nessus  runs  on  Windows,  Mac  OS  X  and 
Unix. 

Who  likes  ft,  and  why?  Nessus  is  key 
in  checking  for  known  vulnerabilities  in 
mission-critical  enterprise  devices  and 
applications,  Andress  says.Thayer  agrees, 
saying  that  all  vendor  quality  assurance 
departments  and  IT  managers  should  be 
testing  against  this  “cute,  easy-to-get,  GUI- 
based”  network  scanner.  “At  least  once 
every  six  months,  I  catch  a  product  actu¬ 
ally  crashing, severely,  when  I  scan  it  with 
Nessus,”  he  says. 


TOOL:  Snort 
SOURCE:  www.snort.org 

What  does  it  do?  Developers  tout 
Snort  as  an  open  source  intrusion-detec¬ 
tion  system,  but  the  software  also  functions  as  a  packet 
sniffer  and  logger.  Snort  detects  attacks  and  probes, 
including  buffer  overflows,  stealth  port  scans  and  CGI 
attacks,  and  alerts  users  to  problems  in  real  time. 

Who  likes  it,  and  why?  Talk  to  anyone  in  the  secu¬ 
rity  field  and  chances  are  you’ll  hear  about  Snort. 
Andress,  for  one,  finds  the  tool  an  important  part  of  her 
testing  arsenal  because  it’s  the  “most  equivalent  to 


Whdswh© 

Network  World  Lab  Alliance 


Mandy  Andress 

•  ArcSec  Technologies 

•  Security  hardware  and 
software 

John  Bass 

•  Centennial  Networking  Lab, 
North  Carolina  State 
University 

•  Server  and  network  hardware 

Travis  Berkley 

•  LAN  Support  Services, 
University  of  Kansas 

•  Messaging,  collaboration  and 
wireless  products 

Jeffrey  Fritz 

•  Director  of  Enterprise 
Network  Services  for  the 
University  of  California, 

San  Francisco 

•  LAN/WAN  and  network 
management 

James  Gaskin 

•  Gaskin  Consulting 

•  Operating  systems  and 
SoHo  products 

Thomas  Henderson 

•  ExtremeLabs 

•  Wired  and  wireless  systems 
analysis  and  performance 


Edward  Mier 

•  Miercom 

•  VoIP  and  storage  products 

Barry  Nance 

•  Independent  consultant 

•  WAN/LAN,  mobile  device 
and  application  manage¬ 
ment  products 

David  Newman 

•  Network  Test 

•  Internetworking  equipment 
and  security  products 

Christine  Perey 

•  Perey  Research  and 
Consulting 

» Multimedia  networking 
technologies 

Thomas  Powell 

•PINT 

•  Web  design,  infrastructure 
and  management 

Joel  Snyder 

•  Opus  One 

•  Security  hardware  and 
software 

Rodney  Thayer 

•  Independent  network 
security  consultant 

•  Security  hardware  and 
software 


commercial  products.” 

Snort  benefits  from  having  a  large  pool  of  developers 
working  on  updates,  she  says.  “It’s  stable,  and  new  sig¬ 
natures  are  added  almost  as  instantaneously  as  they’re 
found,  including  Microsoft  exploits,”  Andress  says. 

Gittlen,  former  events  editor  at  Network  World,  is  a  free¬ 
lance  technology  editor  in  Northboro,  Mass. 


The  tBULj  sid 

While  many  Network  World  Lab  Alliance  members  favor  open  source  tools  for  testing, 
some  say  commercial  tools  are  more  appropriate  at  times.  And  at  least  one,  Joel  Synder, 
senior  partner  at  Opus  One,  will  only  use  commercial  tools. 

:,We  don't  actually  use  any  open  source  tools  anymore.  We’ve  had  too  many  bad  expe¬ 
riences  . . .  and  they  aren’t  oriented  toward  scientific  testing,"  Snyder  says. 

He  points  toTCP  and  User  Datagram  Protocol  (UDP)  throughput  testing  as  an  exam¬ 
ple  of  in  which  commercial  tools  work  better.  Testers  "like  to  use  [Test  TCP],  which  is  a 
reaily  simple  program.  But  you  can't  get  statistics  as  the  flows  go  by  —  you  only  get  a 
single  set  of  numbers  at  the  end.  This  means  you  can’t  see  the  behavior  of  the  system  as 
the  load  changes." 

Plus,  Snyder  says,  open  source  tools  don't  have  a  high  degree  of  parallelism.  "They  sit 
on  top  of  an  operating  system  and  are  only  good  for  the  simplest  of  tests,"  he  says. 

Most  testing  of  security  hardware  and  software  tools  he  performs  at  his  lab  can  be 
done  with  commercial  tools.  Among  his  favorites:  Spirent  Communications'  suite  of  net¬ 
work  assurance  and  diagnostic  tools. 

“They're  so  much  more  reliable”  than  open  source  tools,  he  says.  And  if  Spirent 
doesn't  have  what  he  needs,  Snyder  says  he  writes  it  himself. 

Network  Test  President  David  Newman,  who  uses  Spirent's  tools  for  switch,  router  and 


When  Lab  Alliance  members  go  commercial, 
these  are  the  tools  they  seek  out. 

Layer  4-7  testing,  says  open  source  tools  oftentimes  fail  at  scalability.  "For  the  kind  of  box 
testing  I  do,  there  just  aren't  open' source  tools  to  generate  tens  or  hundreds  of  ports  at 
gigabits  per  second  and  then  collate  those  results,"  he  says. 

Even  open  source  advocate  Thomas  Henderson,  principal  researcher  at  ExtremeLabs, 
says  sometimes  the  situation  dictates  the  use  of  commercial  tools.  "I  prefer  tools  that 
are  open  source  or  shared  source  so  that  I  can  guarantee  they  haven't  been  modified  to 
suit  the  results.  But  no  matter  the  source  status,  we  have  to  use  the  best  and  most 
appropriate  tools  for  the  characteristics  we're  testing,"  he  says. 

Henderson  counts  among  his  trusty  fallbacks  Ixia's  Chariot  and  Fluke's  Layer  2  and 
Layer  3  tools  such  as  OptiView. 

Some  Lab  Alliance  members  have  a  set  of  rules  for  when  commercial  tools  are  a  bet¬ 
ter  bet.  Rodney  Thayer,  a  private  network  security  consultant,  offers  this  advice:  “If 
you’re  in  an  environment  that  must  demonstrate  it  uses  equipment  and  tools  with  an 
active  maintenance  contract  in  place,"  then  commercial  testing  tools  are  necessary. 

Thayer,  also  a  fan  of  Spirent’s  offerings  and  security  scanners  from  Agilent,  says  he 
avoids  using  open  source  tools  that  require  him  to  compromise  confidential  information 
in  the  products  to  satisfy  the  license. 

—  Sandra  Gittlen 
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NSI®  is  the  clear  leader  in  Windows®  data  protection  and  high  availability, 
with  over  50,000  licenses  of  Double-Take  deployed  worldwide. 


Double-Take,  built  to  protect  critical  applications,  is  currently  deployed  on  over 
1 2,000  Exchange  Servers. 


Join  the  global  companies  that  rely  on  Double-Take  to  protect  data  and  keep 
applications  running. 


For  more  information  call  888-674-9495,  visit  www.nsisoftware.com/best 
or  www.protect-your-data.com. 


^Double-Take 


SOFTWARE 


Disaster  Recovery  -  High  Availability  -  Centralized  Backup 
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Selected  by  five  columnists ,  these  products  and  services 
offer  fresh' approaches  to  today's  network  problems . 


THE  CATEGORY-BREAKER:  BroadbandAccess  Service 

THE  VENDOR:  Verizon  Wireless,  www.verizonwireless.com 

THE  COLUMNIST:  Ira  Brodsky,  president  of  Datacomm 
Research,  Totally  Unplugged 


What  makes  this  service  so  special?  Until  now,  corporations 
willing  to  use  mobile  data  to  improve  field  productivity  and  service  had 
to  make  significant,  often  unacceptable,  tradeoffs.  Applications  had  to 
be  “dumbed  down”  to  work  over  slow  and  unreliable  services  via 
devices  with  frustratingly  small  screens  and  keyboards.Verizon  Wireless’ 
CDMA2000  EV-DO  service,  marketed  as  BroadbandAccess,  performs  more  like  DSL 
or  cable  modem  service  than  familiar  cellular  data.  BroadbandAccess  heralds  the 
long-touted  era  of  3G  wireless.  With  Evolution-Data  Optimized  technology,  organi¬ 
zations  not  only  can  extend  enterprise  networks  into  the  field  but  also  can  reach 
customers  equipped  with  handheld  multimedia  devices  in  new  ways  —  perhaps 
changing  the  way  we  conduct  business. 


1/ef f 7Pfl  wireless 


Who’s  using  it?  Because 
CDMA2000  EV-DO  rolled  out  during 
the  second  half  of  2004  in  select  cities, 
corporations  are  just  starting 
to  kick  its  tires.  One  of  Veri¬ 
zon’s  biggest  mobile  data  cus¬ 
tomers,  UPS,  is  testing  it.  Other 

companies  are  doing  the  same  but  are  reluctant  to  talk  about  it  for  com¬ 
petitive  reasons.  However,  this  is  a  technology  that  many  users  will  start  to 
employ  on  their  own,  so  it  behooves  IT  leaders  to  learn  what  EV-DO  can 
and  can’t  do  in  order  to  better  manage  and  secure  its  use. 

Verizon  now  offers  at  least  partial  coverage  for  BroadbandAccess  in 
30  cities  and  plans  to  cover  150  million  people  (about  half  the  U.S.  pop¬ 
ulation)  by  the  end  of  2005. 

Suitable  business  applications  include  e-mail  (even  with  large  attachments),  Web 
browsing,  database  queries  and  multimedia  messaging.  Consumer  applications 
include  games,  mobile  TV,  mobile  commerce  and  location-based  services. 

How  much  will  it  cost  the  average  enterprise?  Verizon  initially  targeted 
business  users  exclusively  selling  PC  cards  for  $100  (after  a  $150  mail-in  rebate) 
with  a  one-year  service  contract  and  $50  with  a  two-year  contract.  The  service 
costs  $80  per  month  with  unlimited  use. 
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THE  CATEGORY-BREAKER:  Vintela  Authentication  Services 

THE  VENDOR:  Vintela,  www.vintela.com 

THE  COLUMNIST:  Dave  Kearns,  writer  and 
independent  consultant,  Wired  Windows 


What  makes  this  service  so  special?  Anyone  who 
can  bring  Microsoft  and  Linux  together  deserves  consider¬ 
ation  for  a  Nobel  Prize,  but  that’s  beyond  our  power.  The 
least  we  can  do  is  recognize  Vintela  with  the  Category- 
Breaker  Award  for  simplifying  the  management  of  heterogeneous — Windows,  Unix 
and  Linux  —  networks.  Vintela  Authentication  Services  lets  you  manage  a  single 
logon/password  for  Unix,  Linux  and  Windows  efficiently  —  and  securely  — 
while  extending  Microsoft’s  implementation  of 
Kerberos  authentication  to  the  ’nix  platforms. 

Who’s  using  it?  This  simple,  elegant  solution  was 
adopted  by  almost  100  organizations,  such  as  Advanta 
Bank,  Boeing,  Brown  &  Williamson  Tobacco,  Cross 
Country  Healthcare,  Lockheed  Martin,  Paymentech, 
RotaDyne,  the  U.S.  Department  of  Agriculture  and 
Vertex  Pharmaceuticals. 

How  much  will  it  cost  the  average  enterprise? 

Pricing  is  based  on  a  combination  of  $200  per  man¬ 
aged  host/server  and  $25  per  managed  user.  Vintela 
offers  volume  and  site  discounts. 

COURTESY  Of  INTERNATIONAL  BUSINESS  MACHINES  CORPORATION. 


THE  CATEGORY-BREAKER:  Access  Enforcer 


THE  VENDOR:  Virsa  Systems,  www.virsa.com 


THE  COLUMNIST:  James  Kobielus,  independent  IT  consultant 
and  analyst.  Above  the  Cloud 


What  makes  this  service  so  special?  Access  Enforcer  combines  role  and 
permission  provisioning  with  workflow  in  a  powerful  new  way  Access  Enforcer 
automates  the  access-provisioning  approval  workflow.  If  users  request  online 
access  to  resources  for  which  they  don’t  have 
permission,  Access  Enforcer  automatically  for¬ 
wards  the  request  to  internal  approvers  within 
a  pre-specified,  customizable  business  work- 
flow.  Updates  to  roles  and  permissions  are 
automatically  applied  to  enterprise  directories 
only  when  access  requests  are  approved 
within  the  appropriate 
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Virsa  Continuous  Compliance  Suite 
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KVM  over  IP 


Cyclades  AlterPath™  KVM/net 
offers  a  unique  set  of  features: 

■  Server-based  authentication 

(NT  domain,  LDAP.  Secure  ID,  RADIUS,  TACACS+) 

■  16  and  32  port  models 

■  CAT5  cabling  up  to  500  feet 

■  User  access  logging 

■  System  event  syslog 

■  Integrated  power  management 


Over  85%  of  Fortune  100 
choose  Cyclades. 
www.cyclades.com/nw 

1.888.cyclades  ■  sales@cyclades.com 


eye  I  ad  e 


We've  worked  our  magic 
Now  you  can  work  yours. 
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Secure  KVM  ever  IP  switch 


Centralized  system  management 


Remote  incident  resolution 
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workflow.  When  implemented  within  Virsa  Systems’  Continuous 
Compliance  Suite,  Access  Enforcer  automatically  ensures  that  users  aren’t 
granted  roles  or  permissions  that  might  violate  applicable  laws  or  create 
conflicts  of  interest.  (Access  Enforcer  is  a  separately  licensable  suite  com¬ 
ponent.) 

Who’s  using  it?  Virsa  Systems  developed  Access  Enforcer  at  the 
request  of  its  user  group  of  more  than  100  enterprise  customers  in  various 


verticals:  aerospace,  agribusiness,  chemicals,  consumer  products,  defense, 
financial  services,  government,  healthcare,  higher  education,  high-tech, 
media,  oil  and  gas,  pharmaceuticals,  transportation  and  utilities.  Almost  a 
dozen  customers  currently  have  Access  Enforcer  in  various  stages  of 
deployment,  the  company  says.  All  have  deployed  Access  Enforcer  over 
SAP’s  enterprise  applications  and  platforms. 

How  much  will  it  cost  the  average  enterprise?  Pricing  is  based 
on  a  software  license  of  $50,000  per  instance  deployed. 


THE  CATEGORY-BREAKER:  ThinkPad  T42 

THE  VENDOR:  IBM,  www.ibm.com 

THE  COLUMNIST:  Johna  Till  Johnson,  president  of 
Nemertes  Research,  Eye  on  the  Carriers 


What  makes  this  service  so  spe¬ 
cial?  Biometrics  has  been  the  “next  big 
thing”  in  security  circles  for  the  past  five 
years.  IT  executives  are  intrigued  by  the 
possibilities,  but  reluctantly  end  up  con¬ 
cluding  that  the  technologies  aren’t 
quite  simple  enough  to  roll  out  to  thousands  of  end  users.That 
changed  with  IBM’s  December  introduction  of  the  ThinkPad 
T42,  which  includes  the  IBM  Embedded  Security  Subsystem 
2.0,  which  features  a  built-in  fingerprint  scanner.  By  bringing 


biometrics  to  the  desktop,  IBM  addressed  several  critical 
requirements  that  IT  executives  tell  us  are  top-of-mind  in 
2005:  endpoint  security,  identity  management  and 
compliance. 

Who’s  using  it?  No  enterprise  accounts  are 
publicly  available  at  this  point,  but  we  have  spo¬ 
ken  with  clients  who  are  evaluating  the 
ThinkPad  T42. 

How  much  will  it  cost  the  average 
enterprise?  Pricing  for  the  T42  with 
Embedded  Security  Subsystem  2.0 
begins  at  $1,400. 


THE  CATEGORY-BREAKER:  Eli 


THE  VENDOR:  Electronic  Lifestyle  Integrator,  www.trusteli.com 
THE  COLUMNIST:  Winn  Schwartau,  president  of  Interpact,  On  Security 

What  makes  this  service  so  special?  It  is  a  rare  year  indeed 
|  when  I  get  slap-happy  over  a  product,  but  Eli  certainly  made  me  so. 
Eli  brings  hope  to  the  professional  security  officers  struggling  to 
maintain  a  reasonable  level  of  security  for  a  corporation  with  hun¬ 
dreds  of  distance  offices,  telecommuters  and  travelers  moving  hither 
and  yon  across  the  globe.  Once  this  small  lightweight  is  connected  to 
a  cable  modem  or  DSL  line,  or  router,  Eli  “calls  home”  and  is  assigned  a  “master  server” some¬ 
where  in  the  company’s  expansive  global  infrastructure.Your  Eli,  which  has  secure  Ethernet 
and  wireless  ports  and  a  built-in  network  address  translation  firewall,  then  is  updated  with 
the  latest  and  greatest  in  anti-virus  signatures,  spyware  blocks,  content  filtering  deci 
sions,  popup  detectors  and  more.  Here,  Eli  shines  more  than  any 
other  product  I  have  seen  in  years,  putting  it  into  a  cat¬ 
egory  of  its  own! 

Who’s  using  it?  ELI  is  in  negotiations  with 
a  number  of  systems  integrators  and  service 
providers,  and  a  handful  of  high-profile 
enterprise  organizations. 

How  much  will  it  cost  the  average 
enterprise?  About  $200,  with  service 
that  starts  at  $10  per  month  for  complete 
automatic  managed  security  for  a  small  net¬ 
work. 
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Profile 

Router 
WLAN -Settings 

VPM- Settings 

Email 
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Firewall 
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Parental  Control 

UP-L  filter  ir  g 


Hare  you  can  select  tha  policy  that  reflects  your  security  needs: 


0  Simple  Surfer 
O  Gomer 


This  policy  olows  Surfing  and  E-Mefl.  It  is  the  most 

O  TelftmmlSPsf2^ - - - 

O  Power  User 
O  All  Outbound 


More  online! 

What  else  should  you  know? 

3  Our  columnists  share  detailed  expla¬ 
nations  of  why  they're  so  keen  on 
these  five  products. 

DocFinder  6076 


••• 

••• 

••r 

::: 

••• 

••• 

»»• 

••• 

•«• 

••* 

••• 

••• 

ill 

••* 

••• 

••• 

•  M 

r  * 
#c_ 

••• 

•  •• 
•  •• 
•  •• 

I 

::: 

••• 
•  •• 


••• 

••• 

••• 

••• 

:r 

••• 

••• 

••• 

••• 
••• 
••• 
•  •* 

••• 
••• 
••• 
••• 
••• 
••• 
•  •• 
••• 

••• 
•  •• 
•«• 
••• 
••• 
••• 
•«• 
••• 
••• 
••• 

••• 

••• 

••• 

••• 

••• 

•  •• 
••• 


•  •• 
•  •• 

••• 
«•• 
••• 
••• 
••• 
•  •• 
••• 
••« 
••• 

••• 

••• 

••• 

::: 


Reading  someone 
else's  issue  of 

NetwffkWorW? 

Subscribe  today  and  receive  your  own 
1-year  subscription  for  FREE  - 

a  $129.00  value! 


Your  FREE  subscription  includes: 


5 1  weekly  issues  divided  by  technology  sections  including: 

5^  High  News 
>■  Infrastructure 
Service  Providers 
Enterprise  Applications 
Net.Worker 
>-  Technology  Update 
>  Management  Strategies 
>■  OpEd 

Features/Tests 

Go  to  http://subscribenw.com/mynw  for  your  free  subscription  today! 


>■  Network  World  Signature  Series 

Six  special  issues  providing  a  comprehensive 
overview  of  an  important  aspect  of  the  net¬ 
work  industry. 

Buyer's  Guides 

Comprehensive  reports  with  in-depth  market 
analysis  and  comparative  product  reviews. 

Technology  Insider 

A  bi-monthly  multi-feature  package  focusing 
on  the  hottest  technology  topics. 
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Five  readers  discuss  their 
favorite  network  products 
and  services. 


THE  FAVE:  NetLightmng 
3  acceleration  servici 

VENDOR:  Netli 


customers  began  to  see  performance 
improvements. 


a  multinational  bioscience  company  we  were  looking  to  extend  our  U.S.- 
based  e-commerce  presence  to  customers  and  distributors  in  Asia 
Europe.  Early  testing  with  several  key  distributors  looked  promising,  except  for  consistent  feedback  that  perfor¬ 
mance  was  too  slow.  Millipore  consolidated  its  IT  infrastructure  several  years  earlier,  scaling  back  data  centers 
in  France  and  Japan  to  reduce  costs  and  management  complexities.  But  external  visitors  to  Millipore.com 
needed  to  access  our  centralized  infrastructure  in  Massachusetts,  and  geographically  remote  locations  were 
experiencing  latency  delays  of  up  to  seven  seconds  on  our  site. 

Because  of  the  highly  dynamic  nature  of  the  e-commerce  applications  and  the  tight  integration  with  our  cen¬ 
tral  back-end  database,  traditional  Web  caching  and  externally  hosted  solutions  created  their  own  set  of 
problems.  Fortunately  we  discovered  Netli’s  NetLightning  service,  which  met  several  important  criteria. 
Because  we  had  a  large  production  site  in  use  by  customers  in  several  regions,  any  product  needed 
to  be  easy  to  implement  without  disrupting  current  customers.  We  also  were  working  with  a  small 
staff  focused  on  bringing  new  functionality  online;  we  couldn’t  afford  to  be  distracted  by  modifi¬ 
cations  or  special  configurations  of  our  applications  or  network  infrastructure. Third,  the  solution 
would  need  to  support  highly  dynamic  pages  that  would  be  generated  on  the  fly  for  each  user. 

Within  minutes  of  us  turning  on  NetLightning,  customers  began  to  see  performance 
improvements.The  service  has  been  instrumental  in  the  recent  launch  of  our  e-commerce 
store  in  Japan,  with  a  high  level  of  customer  satisfaction  and  rapid  growth.  Immediately 
after  we  began  subscribing  to  NetLightning,  our  customers  were  able  to  access  our 
e-commerce  site  up  to  77%  faster.  The  8,000  to 

Jeffrey  O’Halloran, 

manager,  Internet  services, 

Millipore,  Billerica,  Mass. 


10,000  scientists  and  engineers  who  come  to 
our  site  every  day  are  getting  a  rich  array  of 
technical  information  and  media  delivered 
much  faster  and  more  reliably  than  ever. 


YEARS  IN  NETWORKING: 


- 


;  -  -  ■; 

_ 


lennett , 

%  Lawrence 


leley,  Calif. 
RKING:  11 


taps 


tor  troubleshooting, 
we  aefivertappea 
subnets  tor  intrusion 
defecuon/preven- 
tion.ana  forensic 
analysis. 


Try; 


l-TV  "T 


t  * 


a 


9 


I 


i 


: 


THE  FAVE: 

vendor!! 


Gigamon  Systems 


awrence  Berkeley  National  Lab’s  enterprise  network,  LBLnet,  is 
an  Ethernet  in  a  star  topology  that  provides  connectivity  for 
some  12,000  devices.  About  10  years  ago,  we  migrated  from  a 
shared  to  a  switched  infrastructure,  leading  to  gradual  “blindness”  as 
we  installed  new  switches  and  removed  old  hubs  and  probes. 

We  began  to  install  network  taps  so  we  could  troubleshoot  the  net¬ 
work.  [Network  taps,  like  GigaVUE,  are  used  to  create  permanent  test 
access  ports  for  passive  monitoring.  A  tap  can  be  set  up  between  any 
two  network  devices, such  as  switches,  routers  and  firewalls.]  In  the  last 
four  years,  the  need  for  network  security  has  been  more  demanding 
than  ever.  So  in  addition  to  using  taps  for  troubleshooting,  we  deliver 
tapped  subnets  for  intrusion  detection/prevention  and  forensic  analy¬ 
sis.  The  need  for  tapping  LBLnet  has  become  even  more  crucial. 

Why  use  taps  and  not  port  mirroring  on  switches?  The  decision  boils 

See  Bennett,  page  76 


JU  T  BEC  \US  THE  SYSTEM  IS  DOWN 
DOESN’T  MEAN  THE  F  EOF!  USING  IT  SHOULD  BE 


Constant,  uninterrupted  access  to  critical  data,  systems  and  people.  Even  when  something  goes  wrong.  That’s  Information  Availability,  And  one; 
the  best  ways  to  virtually  guarantee  Information  Availability  is  by  running  your  production  systems  out  of  our  facilities.  You  manage  your  appk 
nd  data  while  SunGard  Availability  Services  helps  to  ensure  that  the  infrastructure  and  technical  support  you  need  is  always  on.  SunGar<f.'4 

■  y  ■  ,  .  '  ,  ••  'ty*  ‘  r’p'L’ixAS;,, 

offer  a  secure  and  scalable  environment  at  a  lower  operational  cost  for  production.  Plus  we  have  over  60  state-of-the-art  hardened  faq  I  ufjgm 
network,  power  and  equipment  redundancies  that  are  unparalleled.  For  a  free  copy  of  the  IDC 
White  Paper:  “Ensuring  Information  Availability”  visitwww.availability.sungard.com/idcwp. 
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down  to  whether  or  not  you’re 
willing  to  accept  frame  loss  and 
jitter  in  the  system  design.  Switches  have  buffers,  proces¬ 
sors  and  operating  systems.  Further,  their  primary  func¬ 
tion  is  not  to  “mirror”  frames.  It’s  a  simple  fact  of  life  that 
switches  have  bugs,  some  more  than  others.  There  are 


times  when  bugs  that  have  nothing  to  do  with  port  mir¬ 
roring  will  affect  the  ability  to  deliver  frames  to  the  trou¬ 
bleshooting  and  security  equipment.  Worse  yet,  bugs 
with  port  mirroring  can  affect  the  ability  to  deliver  pro¬ 
duction  traffic.  Compare  this  with  a  simple  passive  tap, 
which  has  no  CPU,  operating  system  or  buffers.  It  simply 
couples  some  of  the  transmitted  energy  from  the  trans¬ 
mission  line  to  another  output  port. 

An  integrated  network  tap  provides  the  best  of  both 


worlds.  It  integrates  passive  tap  technology  into  a  system 
that  also  provides  features  associated  with  switching  — 
filtering  and  aggregation  of  lower-speed  ports  to  a  higher- 
speed  port  (several  Fast  Ethernets  into  one  Gigabit  Ethe¬ 
rnet).  Filtering  and  aggregation  take  the  burden  off  the 
machines  that  capture  and  analyze  packets,  so  we  can 
use  fewer  and  lower-cost  machines  to  build  the  system. 

(The  opinions  in  this  article  are  solely  Bennett’s.  LBNL 
does  not  endorse  products  or  services.) 
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I  bought  this  tool  out  of  self-defense, 

because  when  applications  don't  function  the  way  the 
user  expects,  the  problem  is  always 

the  network  is 


use  IT  Guru  to  identify  problems 
with  applications  on  LANs  and 
WANs.  I  bought  this  tool  out  of  self-defense,  because  when  applications  don’t  func¬ 
tion  the  way  the  user  expects,  the  problem  is  always  “the  network  is  dragging!” 

IT  Guru  analyzes  N-tiered  transactions.  For  instance,  a  Web-based  transaction 
might  go  from  the  client’s  browser  to  a  Web  server,  a  Lightweight  Directory 
Access  Protocol  server, an  application  server, a  database  server  and  back. We  run 
a  baseline  of  critical  transactions  under  ideal  conditions  to  get  transaction  pro¬ 
files.  We  place  an  agent  on  the  client  PC  and  each  server  along  the  way  The  ana¬ 
lyst  then  tells  the  tool  to  capture  all  conversations  between  the  client  PC  and  the 
Web  server,  and  so  on.  IT  Guru  then  puts  all  those  conversations  together  so  we 
get  an  end-to-end  view. These  measurements  give  us  transaction  timings  that  are 
the  basis  for  our  service-level  agreements. 

If  the  transaction  goes  from  2  to  60  seconds,  an  analyst  using  this  tool  quickly 
can  identify  the  specific  server  or  the  network  link  where  the  delay  is  occurring. 
He  compares  the  baseline  trace  to  the  60-second  trace  and  the  source  of  the 
problem  is  usually  obvious.We  might  find  that  we  need  to  perform  maintenance 
on  a  database.  If  that’s  the  case,  the  database  server  will  show  increased  times 
from  first  request-in  to  last  data-out.We  can  then  resolve  the  problem  and  get  the 
client  back  in  service  much  more  quickly  than  we  previously  could. 

An  interesting  problem  we  had  was  with  our  “Planogram”  application,  which 
tells  our  grocery  store  managers  exactly  how  to  lay  out  the  shelves  with  prod¬ 
ucts.  It  uses  a  relational  database  to  store  data  and  objects.  A  category  manager 
was  running  a  simple  rename  of  a  product  from  “green  beans”  to  “French  cut 
green  beans.”  Everyone  knew  that  this  transaction  should  take  no  more  than  a 
second,  but  it  was  taking  almost  a  minute. We  put  IT  Guru  on  the  problem  and 
learned  that  the  transaction  was  passing  a  4M-byte  JPEG  file  in  the  stream.When 
we  showed  the  developer  the  trace,  he  quickly  fixed  the  problem. 
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his  is  the  most  effective  service  we’ve  ever  put  in.  It’s  a  pro¬ 
prietary  VPN  delivered  as  a  managed  service.  Illinois  Tool 
Works  is  very  decentralized,  with  more  than  625  business  units  in  44  coun¬ 
tries.  A  lot  of  these  businesses  came  through  acquisitions  made  over  the  last 
10  years,  and  each  one  has  its  own  software  and  systems.  Through  this  man¬ 
aged  service,  Corente  provides  us  with  a  secured  network  and  lets  us  push  out 
any  new  IT  applications  that  we  need  to  provide  to  the  business  units  around 
the  world. 

Corente  saves  us  time  by  providing  the  latest  software  patches  and  feature 
enhancements  that  the  business  units  need. We  started  using  this  in  2001,  and 
it  has  enabled  us  to  seamlessly  connect  a  wide  array  of  disparate  systems 
and  provide  a  secure  network  infrastructure.  That  infrastructure  lets  us  send 
secure  financial  information,  e-mail,  voice,  video  and  other  data  throughout 
the  global  enterprise. 

Previously,  we  used  multiple  frame  relay  services  from  a  variety  of  providers 
to  connect  our  business  units,  which  was  very  expensive.  During  these  last  few 
years  of  cost  containment,  we  replaced  the  majority  of  frame  relay  connec¬ 
tions  with  the  Corente  VPN  at  an  estimated  savings  of  $5.5  million. The  service 
also  was  very  easy  to  deploy.  We  had  all  the  business  units  up  and  running  in 
less  than  a  year. 


Corente  saves  time 

by  providing  the  latest  software  patches 
and  feature  enhancements  needed  by  the 
business  units. 


Gary  Anton, 

vice  president  of 
strategic  sourcing  and  IT, 
Illinois  Tool  Works,  Glenview,  III 

YEARS  IN  NETWORKING:  10 


Me 


mfieriy,  CIO 1 

C  7 licggo  Investment \ 
Group,  Chicago 
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IP  office  has 

become  an  indisposable 
tool  in  the  management 
of  our  phone  and  voice 
processing  needs  of  our 
different  offices.  ^ 


his  product  is 
miles  ahead  of  the 
phone  switches  we  used  before  because  it’s 
so  easily  configurable  either  offsite  or 
onsite.  It’s  also  easily  scalable  to  support  the 
growth  of  our  business,  and  configurable 
either  as  a  voice  PBX  using  circuit-switched 
lines  or  an  IP  telephony  server  using  high¬ 
speed  dial-up  access  or  direct  leased  lines. 
That’s  important,  because  we’re  planning  to 
use  VoIP  communications  at  some  point  in 
the  future. The  product  also  has  an  integrat¬ 
ed  voice  recorder,  which  saves  the  expense 
and  maintenance  of  a  separate  device,  and 
frees  up  valuable  rack  space.  IP  Office  has 
become  an  indispensable  tool  in  the  man¬ 
agement  of  our  phone  and  voice  process¬ 
ing  needs  of  our  different  offices. 

We  installed  the  switch  initially  at  our 
Boca  Raton,  Fla.,  branch  office  in  July  2004, 
and  our  president  was  so  impressed  that  he 
asked  us  to  install  it  in  our  New  York  office. 
We  also  are  putting  a  switch  in  our 
Chicago  office.  IP  Office  supports  appli¬ 
cations  such  as  enhanced  messaging 
and  Web-enabled  conferencing.  Our 
employees  can  manage  their 
phone  calls  using  a  graphical 
interface,  and  they  can  get  phone 
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messages  in  the  form  of  e-mails. 

We’re  in  a  flux  period,  and  a  lot  of  our  bro¬ 
kers  frequently  move  around  to  different 
offices.  The  fact  that  this  product  enables 
such  easy  configuration  of  lines  makes  it 


valuable.  We  have  cut  down  on  the  amount 
of  time  it  takes  us  to  configure  new  lines 
from  five  or  six  hours  a  month  per  office  to 
about  20  minutes  per  month.We  don’t  have 
to  go  to  an  outside  vendor  to  program  the 


switch,  as  we  did  in  the  past. 

Violino  is  a  freelance  writer  covering  busi¬ 
ness  and  technology.  He  can  be  reached  at 
bvioIino@optonline.net. 


NOW  :  i.  CclNC 


'4M 


m  ■&&&* 


kSfet.' 


Test  More.  Wait  Less. 

The  Media  Cross-Connect  from  MRV  is  the 
most  intelligent  and  flexible  digital  patch  panel 
available  today.  Addressing  the  challenges  of 
test  &  simulation  labs  everywhere,  the  Media 
Cross-Connect  automates  and  streamlines  the 
sharing  and  reconfiguring  of  test  equipment.  It 
provides  total  control  over  the  entire  test  lab 
infrastructure. 


^MRV 


www.mrv.com/nw 


•  Alter  connections  at  any  time  without 
moving  cables 

•  Automate  testing  to  maximize  time  and 
resources 

•  Flexible  Interfaces  -  SFP.  RJ-45,aod XFP’ 

in  one  chassis  .  [;>"'■  >  ■  ■  ■■ 

•  Wide  Protocol  Range  -  Supporf  foj  any 

pr  otocol  from  DC  to  4.25  Gbps,  and  10  Gig  , 


•  High  Density  -  144  datq  pprts  in  only  5U  . , ; 

•  Linux-based  Management  j 
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?ith  Shaw,  senior  editor  of  product  testing,  picks 
e  coolest  of  the  cool  products  he  tested  in  ’04. 


fter  I  try  out  a  product,  I  often  never  think  of  it  again  —  unless  I  discover 
iffij  that  1  simply  can’t  live  without  it.  Of  the  145  or  so  products  I  tested  last  year,  w*'*  ’  -  L 

_  six  have  withstood  the  Shaw  Test  of  Time  —  they  remained  useful  to  me 

throughout  long-term  tests.  Another  five  were  not  subjected  to  longevity  testing,  but  grabbed  my  fc1 
admiration  all  the  same.  I  think  of  these  eleven  products  as  my  Really  Cool  Tools  picks. 

Altec  Lansing’s  inMotion  portable  audio  speaker:  pack),  just  another  plus  in  this  fine  prod- 
This  device  ($130)  helped  jump-start  the  Apple  iPod  uct  (DocFinder:  6033).  -‘■‘■t 

accessory  revolution.  Once  connected  to  an  iPod  (or  Logitech’s  MX1000  Laser  Mouse:  This 
any  other  portable  music  device), these  portable  speak-  cordless  beauty  ($65)  has  replaced  my 

ers  blast  out  your  playlists  —  Barry  Manilow  and  all.  old,  ratty  roller  mouse.  While  the  sleek, 

Apple’s  AirPort  Express:  Speaking  of  Apple,  this  little  black  mouse  oozes  style,  more  important,  the 
gadget  ($130)  does  wonders.  It’s  a  portable  wireless  “laser”  technology  runs  circles  around  typical  optical 

access  point  (when  linked  to  a  broad-  mice. You  can  accurately  use  the  MX1000  on  surfaces 

band  connection  via  Ethernet)  that  can  that  you  can’t  with  optical  mice  (including  glossier  sur- 

connect  to  a  stereo  system  for  faces).  And  its  ergonomic  shape  makes  long  Web  surf- 

i  streaming  iTunes  music  from  ing  sessions  more  comfortable.  My  only  problem  —  I 

your  PC  and  to  a  printer  for  forget  to  put  the  mouse  back  in  its  charger  when  I  go 
U  easy  printing  from  your  lap-  home  at  night  (DocFinder:  6028). 

;  top.  The  installation  isn’t  the  Sinbon  Electronics’  USB  six-in-one  portable  card 

«  prettiest  in  the  world  (espe-  reader:  This  $20  device,  which  lets  me  read  a  flash 

dally  at  Home  Interopera-  memory  card  on  my  computer,  was  a  snap  to  install  in 

;  bility),  but  once  you  get  my  USB  hub  and  made  me  into  an  instant  fan.  This 

j.  4  things  working,  it’s  very  cool  card  reader  is  just  so  simple,  elegant,  easy  and  hassle- 

dpL.  (www.nwfusion.  com,  Doc-  free  (DocFinder:  6030). 


J  ViewSonic  32-inch  LCD  TV  (N3200w)  that 
beautifully  adorned  the  office  while  I  tested  it 
J  (DocFinder:  6034).  1  also  would  love  to  own 
the  $500  Archos  AV420  personal  video 
recorder,  which  connects  to  a  TV  or  record- 
ing  device  (VCR  or  digital  video 
recorder)  and  transfers  videos  to  the 
device  for  playing  elsewhere  — 
allowing  me  to  be  the  chic  geek 
Jgf  C'C-dlF  watching  my  TV  shows  on  a  plane 
while  everyone  else  is  stuck  with  the  in- 
flight  movie  (DocFinder:  6035). 

SimpleTech’s  SimpleDrive  400G-byte  external  hard 
drive  ($375)  also  falls  in  that  category  The  device 
impressed  me  with  its  ability  to  offer  quick  and  easy 
back-up  capabilities,  ease  of  installation  and  hard- 
drive  size  that  was  nothing  to  sneeze  at  (DocFinder: 
6036). 

On  the  portable  device 
side,  1  had  a  hard  time  say-  j%\  v  ' 

ing  goodbye  to  the  $800 
Sony  Ericsson  p910i  smart 
phone  This  portable  device 
is  much,  much  more  than  a 
cell  phone  —  it's  practical!}  a  Hk 

mobile  office  with  its  ability  to 
store  data,  organize  contacts,  use  y 

e-mail,  play  music  and  create  doc- 
uments.  It  has  a  digital  camera  and  W,: 

video  camera,  PDF  reader,  world  'l,±TSS 

time  locator  and  currency  con- 
verier.  A  storage  slot  (Memory 
m\  Stick  Duo)  allows  access  to  more 
It]  data  and  applications  (DocFinder: 

11  6037). 

iJp  J  Finally,  I  almost  ditched  my  old  cell  phone 
JJ(J  for  the  $200  LG  VX70G0.  The  VX7000  is  the 
fgggjjj^k  phone  to  own  if  you  don’t  have  a  smart 
phone  or  a  converged  PDA  device  but  still 
|  want  to  use  your  phone  for  more  than  just 
I  voice  calls.  The  device  includes  a  video/ 
I  camera  phone  with  integrated  flash,  two 
|  color  displays  (internal  and  external),  five¬ 
way  navigation  button  and  backlit  keypad. 
Downloading  off  the  Verizon  Wireless 
CDMA  lx  network  was  faster  and  easier 
than  with  any  other  device  1  tried,  including 
if  my  suddenly  ancient  cell  phone  (Doc- 
Finder:  6038). 


And  here  are  the  products  I  tested  in  ’04  that  I  sure 
did  like  but  couldn’t  put  to  the  Shaw  Test  of  Time. 
Included  in  this  bunch  is  the  $2,500 


Of  course,  all  these  tools  and  devices  might 
end  up  forgotten  by  midyear  as  the  latest  and 
greatest  devices  come  into  the  office  vying  for  my 
attention. Then  again,  maybe  not. 
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THIS  EVENT  IS  COMING  TO  A  CITY  NEAR  YOU 


DENVER,  CO  |  March  22,  2005  CHICAGO,  IL  |  March  24,  2005 
NEW  YORK,  NY  |  March  29,  2005  BOSTON,  MA  |  March  31,  2005 


COMPLIMENTARY 
EVENT  FOR 

PROFESSIONALS  ONLY 

SOLUTIONS  &  STRATEGIES  IN  7 
KEY  MANAGEMENT  TECHNOLOGIES 


Network  Management/ 
IT  Automation 

and  the  Agile  Enterprise:  Tools  to  Bridge  the  Gap 


hat  ultimately  makes  an  agile  enterprise  agile?  The  sudden  realization 
there's  a  dangerous  gap  between  what  the  enterprise  expects  and 
the  management  tools  you  need  when  a  new  opportunity  looms. 

Or  growth  is  rapid.  Or  a  crisis  strikes. 


Will  you  be  ready?  Attend  Network  Management/IT  Automation  and  the 
Agile  Enterprise:  Tools  to  Bridge  the  Gap,  a  new  Network  World  Technology 
Tour  Event  and  Expo.  Get  a  roadmap  for  the  12  months  ahead.  Hear  advice 
from  expert  colleagues.  Learn  about  the  latest  tools,  technologies,  and  best 
practices  for  successful  network  management.  Qualify  to  attend  and  you'll  gain 
a  year's  worth  of  responsive,  reality-based  solutions  with  practical  know-how  all 
in  one  day.  Register  now.  While  this  event  is  free  to  professionals,  space  is  limited. 


Register  now  at  www.nwfusion.com/NMW5A3 

or  call  800-643-4668 


►  Applications 

►  Security 

►  Business  Services 

►  Performance 

►  Configuration  and  Patch 

►  Service  Level 

►  Web  Services 

WHO  WILL  BE  THERE? 

►  Jim  Metzler,  President,  Ashton,  Metzler 
and  Associates,  Network  Consultants, 

►  Senior  IT  executives  and  C-level 
directors  with  responsibilities  in 
operations,  infrastructure,  applications 
and  security 

•  CTOs  ,  CIOs,  CSOs 

•  VPs  of  IT 

•  VPs  of  Networking 

•  Directors  of  Operations 

•  Network  Architects 

•  Network  IT  Managers 

►  Leading  solution  partners 


Advance  reservation  by  qualified  professionals  is  required  for  complimentary  attendance 


PRESENTING  SPONSORS 
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Map.  Measure.  Manage. 
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O  fftNetScout 

Bell  Labs  Innovations  V  I  vGl  jCOU  L? 


EXHIBITING  SPONSORS 

ACCUf#NT  COhQVEST  £? 

A  WEBSENSE PARTNER  A  WEBSENSE PARTNER  A  WEBSENSE  PARTNER 


This  event  is  limited  to  Network  and  IT  professionals  involved  in 
the  evaluation,  purchase  and  implementation  of  network  manage¬ 
ment  products  and  services.  Network  World  Events  reserves  the 
right  to  determine  total  audience  and  profile  of  complimentary 
attendees  Paid  registration  is  also  available 


Network  Physics 
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—  SERVERS  WITHIN  YOUR  REACH 

FROM  ANYWHERE 
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A  KVM  switch  allows  single  or  multiple 
workstations  to  have  local  or  remote  access  to 
multiple  computers  located  in  server  rooms  or 
on  the  desktop  regardless  of  their  platforms 
and  operating  systems.  KVM  switches  have 
traditionally  provided  cost  savings  in  reducing 
energy  and  equipment  costs  while  freeing  up 
valuable  real  estate. 


Recognized  as  the  pioneer  of  KVM  switch 
technology.  Rose  Electronics  offers  the 
industry's  most  comprehensive  range  of 
server  management  products  such  as  KVM 
switches,  extenders  and  remote  access 
solutions.  Rose  Electronics  products  are 
known  for  their  quality,  scalability,  ease  of  use 
and  innovative  technology. 


Rose  Electronics  is  privately  held  with  world- 
headquarters  in  Houston,  Texas  and  sells  its 
products  worldwide  through  a  large  network  of 
Resellers  and  Distributors.  Rose  has 
operations  in  the  United  Kingdom,  Spain, 
Germany,  Benelux,  Singapore  and  Australia. 


r  "  }..  »  7,  J®/  V>  '  .  .  ,  • 

Rose  Electronics  : 


Rose  Electronics 
10707  Stancliff  Road 
Houston, 


>n,  Texas  77099 

‘  ■■  ■ 


ROSE  US  +281  933  7673 

ROSE  EUROPE  +44  (0)  1 264  850574 

ROSE  ASIA  +65  6324  2322 

ROSE  AUSTRALIA  +617  3388  1 540 


•  Connect  to  remote  computers  over  Ethernet  or  dial-up 

•  Single,  dual,  quad  models 

•  Up  to  1280x1024  resolution,  supports  all  platforms 

•  Scaling,  scrolling,  and  auto-size  features 

•  Easy  to  install,  give  it  an  IP  address  and  run  the  remote  client,  no 
licensing  required 

•  Quad  screen  mode  allows  you  to  see  four  servers  from  one  screen 

•  Secure  encrypted  operation  with  login  and  computer  access  control 


•  Connects  up  to  1000  computers  to  a  KVM  station 

•  Models  for  4,  8,16  computers 

•  Advanced  visual  interface  (AVI) 

•  Compatible  with  Windows,  Linux,  Solaris,  and  other  O/S 

•  Connects  to  PS/2,  Sun,  USB,  or  serial  devices 

•  Converts  RS232  serial  to  VGA  and  PS/2  keyboard 

•  Free  lifetime  upgrade  of  firmware 

•  Security  features  prevent  unauthorized  access 

•  Full  emulation  of  keyboard  and  mouse  functions  for 
automatic,  simultaneous  booting 

•  Easy  to  expand 


UltraMatrix  Remote" 

REMOTE  MULTIPLE  USER  KVM  MATRIX  SWITCH 
ACCESS  OVER  IP  OR  LOCALLY 

•  Connects  1000  computers  to  multiple  user  stations  over  IP  or  locally 

•  High  quality  video  up  to  1280  x  1024 

•  Scaling,  scrolling,  and  auto-size  features 

•  Secure  encrypted  operation  with  login  and  computer  access  control 

•  Advanced  visual  interface  (AVI) 

•  No  need  to  power  down  servers  to  install 

•  Free  lifetime  upgrade  of  firmware 

•  Available  in  several  models 

•  Easy  to  expand 


UltraMatrix"  E-series 

PROFESSIONAL  MULTI-USER  KVM  SWITCH 
2  -  4  KVM  STATIONS  TO  1,000s  OF  COMPUTERS 

•  PC  or  multi-platform  (  PC/Unix,  Sun,  Apple,  others) 

•  Advanced  visual  interface  (AVI) 

•  Powerful,  expandable,  low  cost 

•  Easy  to  expand 

•  No  need  to  power  down  most  servers  to  install 

•  Security  features  prevent  unauthorized  access 

•  Free  lifetime  upgrade  of  firmware 

•  Video  resolution  up  to  1600  x  1280 

•  Available  in  several  models 


Vista™  &  Vista-Mini" 

LOW  COST  SINGLE-USER  KVM  SWITCH 
SUPPORTS  UP  TO  64  COMPUTERS 

•  Low  cost  and  easy  to  use 

•  Saves  physical  space,  equipment  and  power  costs, 
reduces  clutter 

•  Available  in  two  different  styles 

•  DB25  connectors,  use  Rose  UltraCable,  supports 
USB 

•  PC  connectors,  use  a  separate  cable  for  keyboard, 
mouse,  and  monitor 

•  Front  panel  LEDs  show  power  &  connection  status 

•  Heavy-duty  steel,  fully  shielded  chassis 

•  Rackmountable 


CrystalView  Cat  5  &  6 
CrystalView  Plus™ 

KVM  EXTENDERS  OVER  CAT  5  &  6 

•  Extend  your  KVM  station  up  to  1,000  feet  from  your  computer 
using  standard  CAT  5/6  cables 

•  VGA,  PC,  Sun,  Serial,  Audio,  and  Mini  versions 

•  Available  in  2  models: 

•  Single  Access  -  Extends  keyboard,  monitor,  and  mouse 
50  to  1,000  feet  away 

•  Dual  Access  -  Allows  you  to  add  a  second  keyboard, 
monitor,  and  mouse  to  the  local  unit 

•  Fully  buffered  signals  to  ensure  consistent  remote  operation 
of  your  PC 

•  CrystalView  Plus 

•  Available  in  single,  dual,  and  quad  video  models 

•  Video  resolution  up  to  1600  x  1200 


800  333  9343 

WWW.ROSE.COM 
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Anti-spam  technology  failing?  Well... 


YOU’VE  BEE 
SCAMMED! 


Meridius  Security  Gateway" 

99%  spam  detection  rate, 

0%  false  positives, 

100%  virus  blocking1 


Call  1.866.895.6931  and  get  a  $5000*  trade-in  credit 


*  Contact  a  BlueCat  Networks  representative  for  promotion  details.  Limited  time  offer.  Promotion  code:  BCN-M105 
t  “Scanning  for  Spam',  Network  Computing  Magazine  Oct.  28,  2004 


<^>INSIDE-THEDaMA3N  * 

www.bluecatnetworks.com/subscrib6 


BlueCat  Networks 

secure  networks,  simplified. 

Call  us:  Schedule  your  free  demo  today. 

1.866.895.6931  Visit  www.bluecatnetworks.com/meridius/nww 

B  .  -Ca*  Networks,  B  ueCat  Networks  logo.  Meridius  Security  Gateway  and  the  Meridius  logo  are  trademarks  of  BlueCat  Networks,  Inc. 


www.nwfusion.com 


N*  NETWORK’ 
INSTRUMENTS 


OBSERVE 


m 


How  much  can  your  network  analyzer  see? 


Observer  is  the  only  fully  distributed  network  analyzer  built  to 
monitor  the  entire  network  (LAN,  802.1  la/b/g,  Gigabit,  WAN). 
Download  your  free  Observer  10  evaluation  today  and  experience 
more  comprehensive  real-time  statistics,  more  expert  events,  and 
more  in-depth  analysis  letting  you  dive  deeper  into  your  network 
than  ever  before. Choose  Observer. 

-  CRflGER-  Guard  against  the  latest  network  threats  by  identifying 
and  isolating  infected  systems  automatically. 

-DRTR  Mini  nG-  Analyze  gigabit  traffic  and  massive  amounts 
of  data  with  Observer's  expanded  options  for  data  mining. 


-JURK  TRRFFiC-  Identify  broadcast  storms,  monitor  excessive 
traffic,  and  optimize  bandwidth  with  Observer's  many  utilization 
metrics  and  over  30  real-time  statistics. 


US  &  Canada  toll  free  800.526.5958 

fax  952.932.9545 

UK  &  Europe  +44(0)1959569880 

www.networkmstruments.com/analyze 


How  Do  You 


Sentry  Gives  You  Secure  Web/I P  Based  Remote  Site  Management 


. 
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"NEW!"  Secure  Shell  (SSHv2)  Encryption 
"NEW!"  SSLv3  Secure  Web  Browser 
"NEW!:"  Active  Directory  with  LDAP 
SNMP  MIB  &  Traps 
Integrated  Secure  Mode  n 
True  RMS  Power  Monitoring 
Outlet  Receptacle  Grouping  for  Dual-Power  Servers 
Fail-Safe  Transfer  Switch  for  Single-Power  Supply  Servers 
Power-up  Sequencing  Prevents  Power  In-rush  O  >rlo  d 
Temperature  &  Humidity  Environmental  M  nitc  ing 
Zero  U  &  Rack-mount  Models 
1 10/208  VAC  Models  with  30-Amp  Power  Distribution 
NEBS  Approved  -48  VDC  Models  Available 


Server  Technology 


Solutions  for  the  Data  Center  Equipment  Cabinet 


When  servers  and  network  devices 
in  the  data  center  lock-up,  network 
managers  need  fast,  secure  and 
reliable  tools  to  respond.  With 
Sentry™  Remote  Site  Managers, 
an  administrator  can  immediately 
reboot  a  remote  system  with  just 
a  few  mouse  clicks.  Sentry  also 
provides  accurate  input  current 
power  monitoring,  environmental 
monitoring  and  integrated  secure 
console  management  using  SSH. 


Server  Technology,  Inc. 


Server  Technology.  Inc. 
1040  Sandhill  Drive 
Reno,  b  89521 
USA 


tollfree  +1.800.835.1515 
tel  +1.775.284.2000 
fax  -1  775.284.2065 

www.servertec:h,eom 

sales@servertech.com 


©Servei  1  ethnology,  Inc.  Sentry  is  a  frademai K  SI  Seri, :  wh 
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Jimmy  had  a  fantastic  vacation.  Unfortunately, 
his  laptop  picked  up  a  tropical  disease. 

No  Problem! 

Introducing  the  world's  first  100%  driver-centric  desktop  firewall 
with  centralized  control 


•  Centrally  manage  and  control  security 
policies 

•  Driver-centric  security  is  always  on  -  even 
before  you  receive  a  network  connection 

•  Intelligent  Network  Detection  switches 
security  policies  when  you  switch  networks 

•  Kill  unknown  processes  before  they  start 

•  Stealth  ports,  Advanced  event  logging, 
Block  all  network  access  &  More 


You  know  the  story  -  Jimmy's  working  in  an  unprotected  network  environment.  Maybe  a  hot-spot  at  a  cafe  or 
airport.  He  checks  his  e-mail.  He  does  a  little  recreational  surfing.  And  his  laptop  is  open  to  attack.  But,  hey,  the  risk 
is  minimal. ..right? 

Now,  you  don't  need  to  worry.  The  NetOp  Desktop  Firewall  provides  all  the  benefits  of  both  personal  and  corporate 
firewalls  in  a  single,  powerful  package  to  shield  your  laptops  and  network  PCs.  Not  only  does  NetOp  prevent 
unwanted  or  dangerous  data  from  entering  or  leaving  your  laptops  -  wherever  they  happen  to  be  -  our  centrally 
managed  process  control  ensures  that  only  authorized  programs  and  services  can  run  on  your  system.  In  short, 
NetOp  expects  the  unexpected! 


FREE 

Download  a  fully- 
functional  trial  copy  at 
www.CrossTecCorp.com 


NetOp' 

Desktop 

Firewall 


But  we  wouldn't  want  you  to  take  any  risks.  So  try  it  yourself,  absolutely  free!  You'll  find  full  details  at 

www.CrossTecCorp.com. 

^  Cross  Tec  |  www.CrossTecCorp.com  I  800.675.0729 

Corporation 

©  Copyright  2000-2005  Danware  Data  A/S.  All  rights  reserved.  NetOp  and  the  red  kite  are  registered 
trademarks  of  Danware  Data  A/S.  Other  brand  and  product  names  are  trademarks  of  their  respective  holders. 


Desktop  Firewall 


_ 


www.nwfusion.com 
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Make  the  best  use 
of  your  network  sniffer. 


Sniffers,  probes,  and  IDS  can  be  a  network  manager's  best 
friends.  But  how  many  are  enough?  Don't  spend  thousands 
on  unnecessary  analysis  hardware  and  software. 

Centralize,  share,  and  manage  your  monitoring  equipment  with 
IntellaPatch  -  your  new  best  friend. 

IntellaPatch  features  remote  management  and  non-intrusive 
switching  capabilities.  You  save  valuable  time,  eliminate 
redundant  equipment,  and  reduce  ongoing  maintenance  costs. 

Now  you  can  manage  your  sniffers,  and  your  budget,  without 
losing  your  sense. 

INTELLAPATCH  Physical  Layer  Switches 


mmmmmmmmm  «,  • 


Ethernet 
Fibre  Channel 
SONET/SDH 


Learn  more  about  how  sniffer  sharing  with  APCON  physical  layer  switch 
solutions  will  benefit  your  bottom  line.  Visit  www.apcon.com/share  to 
download  our  application  brief  and  white  paper. 


www.apcon.com 


W  APCON 

Solutions  for  Networks 


1.800.624.6808 


Network  Boot  Bar 


Control  Power  on  Any  AC 
Powered  Device ... 

Via  Web  Browser,  Telnet, 

Modem  or  Local  Terminal 

Servers,  routers,  and  other  electronic  equipment 
occasionally  “lock-up”,  often  requiring  a  service  call 
to  a  remote  site  just  to  flip  the  power  switch  to  perform 
a  simple  reboot.  With  WTI’s  Remote  Power  Switches, 
you  can  perform  reboot  and  On/Off  control  from 
anywhere! 
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Web  Browser  Access  for  Easy  Setup  and 
Operation 

Encrypted  Password  Security 

4.V 

Dual  15  Amp  Power  Circuits 
Total  30  Amps  Maximum  Load 

115  VAC  and  230  VAC  Models 
Sixteen  (16)  Individual  Outlets 
RS232  Modem  /  Console  Port 
Network  Security  Features 
Power-Up  Sequencing 

Also  Available  in  4,  8  &  16  Plug  Models  and 
Horizontal  1U  and  2U  Models 

Web  Browser  Interface 


Want  an  On-Line  Demo? 

Just  call  or  email  and  you’ll  see  for  yourself  why  so  many 
network  professionals  choose  WTI. 


Yes,  We  are  Customer  Friendly! 

V  Two  Year  Warranty 

V  We  Stock  for  Same  Day  Shipment 
>/  30  Day  No-Fee  Return  Policy 

y/  Start-up  Cables  and  Rack  Kits  Included 


Dual 

Power 

Inputs 


lei 

NB^ieoo 

www.wti.com 


western  telematic  incorporated 

5  Sterling  •  Irvine  •  California  •  92618-2517  •  (800)  854-7226 
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Production  Trackino  Over  Ethernet 
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Eliminate  your  shop-floor 
PCs  with ... 

Ethernet  Terminals  from 
ComputerWise  connected  to 
your  in-house  LAN. 

Capture  production  data 
directly  into  files  on  your 
server. 


Features  C  Beoefits 

•  Interactive  telnet  Client 

•  TCP/IP  over  10/IOOBaseT  Ethernet 

•  Built-in  Barcode  Badge  Reader 

•  Optional  Mag-Stripe  &  RFID  Badge  Reader 

•  Auxiliary  RS-232  Serial  port 

•  Customizable  Data  Collection 
Program  Included 

•  Larger  keyboard  and 
display  sizes  available 


COMR  TKHWBE. 

Call  1  800  255  3738  or  visit  www.compnterwise.Gom 


Your  FREE  subscription  includes: 

5 1  weekly  issues  divided  by  technology  sections  including: 


»•  High  News 
»■  Infrastructure 
>-  Service  Providers 
s»  Enterprise  Applications 
>■  Net.Worker 


»■  Technology  Update 
>-  Management  Strategies 
>■  OpEd 

>■  Features/Tests 


Go  to  httpj//s_u,bscribenw.comi 


Jo 


Subscribe  today  and  receive  your  own 
1-year  subscription  for  FREE  - 


Reading  someone 
else's  issue  of 

NetworkWorld? 


a  $129.00  value! 


of  over  2,000  items  on  the  ISC  website. 
Browse  the  on-line  catalog  and  choose  from 
a  wide  array  of  computer  related  product 
solutions  for  today’s  workplace.  Order  on-line 
or  call  for  assistance  from 
one  of  our  knowledgeable 
account  managers. 


Information  Support  Concepts,  inc 

714  N.  Watson  Rd  •  Ste.,  302  •  Arlington,  TX  76011 

Visit  www.iscdfw.com  or  call  1-800-458-6255  for  more  information. 

Solutions  for  IT  -  Network  -  Telecom  Professionals. 

©  2004  Information  Support  Concepts  Inc,  all  rights  reserved 


WWW,  SlilTCA$E.COM 

Luggage,  Fine  Leather  Goods,  Gifts,  and  more! 

Tumi,  Hartmann,  Andiamo,  Samsonite,  Cross 

10%  discount  for  Network  World  readers 
Enter  code  NWW2005 


Legendary  Reli 


Save  up  to  90% 

A  PC  UP 

5- — Smart  UPS  *  B  ck  UPS 
IdBrand  New  UPS  Replacement 
\\  Battc  y  Kits 


.com 


Call  Us  1-866-883-9200 


- 


•  Tl/El  &  I3/E3  Modems 

•  RS-232/422/485  Modems  and 
Multiplexers 

•  IBM  3270  Coax,  AS400  Twinax,  and 
RS6000  Modems  and  Multiplexers 

»  LAN  -  Arcnet/Ethernet/Token  Ring 

•  Video/Audio/Hubs/Repeaters 

•  ISO-9001  I 

•  USB  Modem  and  Hub 

s.i.TECH 

Toll  Free  866-SITech-l  | 

630-761-3640,  Fox  630-761-3644 
www.sitech-bitdriver.com  or  www.sitechfiber.com 
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Advertising  Supplement 

IT  Careers:  Diversity  Role  Models  Respond  to  Challenge 


Over  the  past  decade  one  of  the  biggest  challenges  in 
attracting  under-represented  minorities  and  women  to 
technical  careers  has  been  the  lack  of  role  models  -  people 
who  have  gone  before  and  demonstrated  that  everyone 
has  the  opportunity  to  succeed.  While  the  statistics  relating 
to  percentage  of  African  Americans  or  Hispanics  or  women 
have  not  changed  significantly  over  the  past  five  years,  the 
reality  of  being  able  to  point  to  a  significant  leader  who 
"looks  like  me"  is  gaining  traction. 

Two  leaders  identified  as  role  models  say  there  are  two 
challenges  for  role  models:  demonstrating  that  role  models 
are  not  celebrity  entertainers  or  athletes  and  helping  others 
realize  the  need  for  several  role  models,  not  just  one. 

Thaddeus  Arroyo,  Cingular  Wireless'  first  and  only  CIO  for  a 
group  of  6,000  IT  professionals,  says  the  only  constant  role 
model  throughout  his  life  has  been  his  father,  who 
established  work  ethics  and  an  approach  for  creating  his 
own  success.  Arroyo  was  chosen  one  of  the  50  most 
influential  Hispanics  by  Hispanic  Engineering  and 
Information  Technology  magazine.  Arroyo  says  one  of  the 
most  common  things  he  discourages  is  for  an  employee  to 
look  at  a  specific  job  -  CIO  or  Director,  for  instance  -  and 
drive  to  gain  that  job.  "The  approach  I  have  always  taken 
is  not  to  look  five  layers  up  (the  career  ladder)  and  say 
that's  who  I  want  to  be.  Rather,  I  look  at  the  leaders  who 
are  close  to  me,  my  direct  managers  or  their  bosses.  This 
isn't  about  where  you  want  to  end  up  but  where  you  want 
to  go  next,  and  then  building  the  skills  and  experiences  to 


get  there.  Otherwise,  you're  thinking  so  far  ahead  that  you 
may  miss  out  on  building  a  skill  set." 

Arroyo  reiterates  the  need  for  multiple  role  models  because 
lessons  can  be  learned  from  every  person  and  situation.  He 
says  the  composite  of  leadership  and  technical  skills  that 
develops  over  a  career  generates  success.  He  pinpoints  that 
this  approach  allows  professionals  to  focus  on  achieving 
something  vs.  gaining  a  specific  title  or  job. 

Roy  Perry  echoes  Arroyo's  focus.  Perry,  who  is  corporate  vice 
president  of  global  supply  chain  management  for 
StorageTek,  is  recognized  this  month  as  a  Superhero  in  the 
"Engineering  the  Future"  exhibit  at  the  Chicago  Museum 
of  Science  and  Industry.  "It's  difficult  for  a  student  to  look 
at  an  engineer  and  say  that's  exciting  when  they 
have  rock  stars  and  athletes  that  they  see  and  hear 
every  day,"  Perry  points  out.  "We  need  to  show 
them  that  there  is  a  place  for  them  (in  information 
technology  and  engineering)  to  design  and  create, 
that  they  may  not  be  able  to  dunk  a  basketball  but 
they  can  have  a  passion  for  this." 

Perry  works  to  keep  that  passion,  which  he  kindled 
as  a  child  watching  John  Glenn  and  then  through  a 
series  of  teachers  (and  yes,  he  recalls  Ms.  Ward,  Mr. 

Easton  and  Mr.  Griffin  by  name).  He  believes  it  is  critical  to 
identify  evolving  leaders  and  then  assure  they  have 
challenging  assignments.  "Sometimes  I  have  to  create  that 
challenge,"  he  says.  "If  a  bright,  technical  person  is  idle,  he 
becomes  bored  and  you  lose  them."  Perry  adds  community 


responsibility  to  role  model  categories,  in  addition  to 
leadership  and  technical  role  models.  He  says  to  watch  role 
models  in  all  three  areas  to  learn  how  they  make  decisions, 
execute  and  carry  through.  "The  community  responsibility 
is  important  because  it  rounds  out  the  engineer  or  scientist, 
helps  them  to  understand  that  they  have  a  responsibility 
to  their  own  families  but  also  to  making  the  community 
a  better  place.  If  you  don't  learn  this,  when  you  do  become 
a  corporate  executive  your  view  of  corporate  responsibility 
is  quite  diminished.  We  all  need  to  think  in  a  way  that 
our  company  or  business  exists  in  this  town,  and  this 
town  should  be  better  because  we  were  here." 


For  more  information  about  IT  Careers  advertising, 
please  call:  800.762.2977 

Produced  by  Carole  R.  Hedden 


Two  challenges  for  role  models: 
Demonstrate  that  role  models  are  not 
celebrity  entertainers  or  athletes,  and 
help  others  realize  the  need  for  several 
role  models,  not  just  one. 


Online 

Recruitment 

Opportunities 

Post  your  recruitment 
message  on 
itcareers.com  and 
reach  highly  qualified 
IT  professionals  with 
the  hard-to-find  skills 
you  need. 


Options  include: 
-Corporate  membership 
-Job  posting  packages 
-Resume  database 
-Single  job  posting 

-Integrated  print/online 
packages 


Contact  us  today  for 
rates  and  additional 
opportunities! 


IT 


careers 


800-762-2977 

www.itcareers.com 
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Computer  Professionals 

Cambridge  Resource  Group. Inc. 
needs  top-notch  professionals 
w/consulting  exp.  in  some  of  the 
following  areas  or  combination 
thereof:  Java,  JSP,  JDK,  J2EE, 
XML,  JDBC/ODBC,  Websphere, 
MQ  Series,  EJB,  STRUTS,  Un¬ 
ix,  ECommerce,  PowerBuilder, 
Oracle  Financial  Applications, 
PL/SQL,  SQL'Plus,  SQL  Load¬ 
er,  Developer  2000,  Forms,  Re¬ 
ports,  TOAD,  OracleDBA,  Orac¬ 
le,  C,  C++,  VC++,  Erwin  Data 
Modelling/Designing,  Interwov¬ 
en  TeamSite,  ASP.NET,  C#, 
Visual  Studio.NET,  XML,  XSLT, 
SQL  SERVER  2000,  Oracle, 
Developer  2000,  Crystal  Re¬ 
ports,  Sun  Solaris,  Dataware- 
house,  COGNOS,  Informatica, 
Datastage,  COBOL,  JCL,  V- 
SAM,  CICS,  DB2,  MVS,  IMS, 
VSAM,  Teradata,  EDI  Gentran/ 
Mercator,  AS/400,  Lotus  Notes, 
PeopleSoft  HR/Financials,  SAP 
R/3  and  ABAP/4,  Visual  Basic, 
ATLCOM/DCOM,  CORBA.  Tux¬ 
edo,  ColdFusion,  WinRunner, 
Silk,  LoadRunner,  Rational 
Suite,  SQA  Suite,  Visual  Basic, 
MS  SQL  Server,  BaaN  ERP,  sql 
server,  Test  Director,  Rational 
Robot,  Rational  Test  Manager, 
Rational  ClearQuest,  Rational 
Requisite  Pro,  PVCS,  QTP,  Cry¬ 
stal  reports,  Activereports,  Cor- 
ba,  SAP,  Artifical  Intelligence, 
SAS.  Top$.  Requires  Master's/ 
Bachelor’s  degree  w/1  to  5  yrs  of 
professional  exp.  Must  be  willing 
to  travel  to  client  sites  through¬ 
out  the  U.S.  Please  email 
resume  to  resumes@crgsoft.com 
or  mail  to  CRG  Inc,  18  Lyman 
street,  Suite  207,  Westboro,  MA 
01581. 


Place  your 
Labor  Certification 
ads  here! 

Are  you  frequently  placing 
legal/ immigration  advertisements  ? 
Let  us  help  you  put  together  a 
cost  effective  program  that  will 
make  this  time-consuming 
task  a  little  easier. 

Contact:  Danielle  Tetreault  at: 

800-762-  2977 _ 


Sr.  Software  Developer.  Job  in 
Tallahassee,  Florida.  Respon¬ 
sible  for  development  &  mainte¬ 
nance  of  existing  code  base  for 
records  management  software 
in  multi-tier  program  environ¬ 
ment  using  component  based 
object  oriented  methodologies. 
Duties  include  analysis  of  req’s, 
developing  code  base,  &  prepa¬ 
ration  of  technical  documenta¬ 
tion.  Position  requires  installa¬ 
tion  and  configuration  of  record 
and  document  management 
software  and  troubleshooting 
defects  reported  by  QA  and 
Support.  Req's:  Bachelor's  de¬ 
gree  (or  foreign  equivalent)  in 
CS,  EE  or  CE  plus  4  yrs  experi¬ 
ence  in  job  offered  position  or  4 
yrs  exp  in  related  occupation  as 
a  Software  Engineer  or  Soft¬ 
ware  Developer.  40  hr  wk. 
9am-5pm,  $67,000/yr.  Send 
resume  to  Agency  For  Work¬ 
force  Innovation,  P.O.  Box 
10869,  Tallahassee,  FL  32302. 
RE  JO  FL  #2614742. 


Share  Logic,  Inc  has  openings 
for  the  following  positions  to 
work  at  client  sites  thorughout 
the  United  States: 

Software  Engineer  with  experi¬ 
ence  in  Client  Server,  Java, 
Oracle  SQL,  Sybase  Databases, 
networking  and  web  design. 

Peoplesoft  Software  Engineer 

with  experience  in  Peoplesoft, 
Windows  NT,  Java,  relational 
data  modeling. 

System  Administrator  with 
experience  in  network  systems, 
win  runner,  Oracle  and  Toad 
Tool. 

SAP  Developer  with  experience 
SAP  R/3,  ALE.  I  DOCS,  Work- 
flow,  Java  and  BAPI's. 

Apply  to:  Share  Logic,  Inc,  326 
West  Main  Street,  Milford,  CT 
06460. 


Software  Engineer  in  Westmins¬ 
ter,  CO:  Develop  algorithms  in 
decision-based  technologies  for 
company's  applications  in  finan¬ 
cial  analysis.  Work  w/  Manager 
&/or  Sr.  S/W  Architect  to  develop 
strategies  for  applying  s/w  and 
h/w  technologies  to  applications 
under  development.  Participate 
in  s/w  dev  projects  from  concep¬ 
tual-design  through  implementa¬ 
tion  &  testing.  Use  state-of-the- 
art  s/w  technologies  w/  empha¬ 
sis  on  object-oriented  technolo¬ 
gies.  Coordinate  efforts  with  po¬ 
tential  users  and  developers  to 
ensure  user  requirements  are 
covered  in  design  and  imple¬ 
mentation.  Provide  ongoing  sup¬ 
port,  consulting  &  system  en¬ 
hancements  after  release.  BS 
in  Comp  Sci,  Comp  Eng,  Math, 
or  related  or  foreign  equiv,  +  2 
yrs  exp  in  job  offered  or  in  s/w 
dev,  programming/analysis,  or 
design.  Req.  course  work  in  lin¬ 
ear  &  non-linear  programming, 
artificial  intelligence  &  object-ori¬ 
ented  technologies  &  develop¬ 
ment  theories.  Exp  to  have 
included  Microsoft  Windows 
Operating  Systems,  Microsoft 
SQL  &  C++.  40  hrs/wk,  9am- 
5pm,  $77,542/yr.  Application  by 
resume  only.  Respond  to  Work¬ 
force  Development  Programs, 
PO  Box  46547,  Denver,  CO 
80202.  Refer  to  job  order  #: 
CQ51 05606. 


Design  Engineer:  Research, 
dsgn  hw/sw  on  32-bit  embed'd 
processor  w /  Intel  XScale, 
StrongArm,  Protel  &  Cadence's 
Spectra  toolsets:  Dsgn,  test 
PSpice  for  power  simulat'n, 
model'g  &  high  volt  DC-DC 
power  supplies;  Set  up,  program 
&  operate  Auto'd  Surface  Mount 
Pick  &  Place  (ASMPP)  board 
assembly  machines.  40h/wk,  8- 
5,  MS  in  comp  eng'g  or  related 
fields,  1-yr  wk  exp  in  job  or  other 
pos’n  w /  StrongArm,  PSpice. 
Resume  to  HR.  SI  Solutions, 
Tampa  FL.  Craia@s-i-solutions 
com.  Fax:  813-630-2532.  Only 
US  Workers  can  Apply. 


COMPUTER  PROFESSIONALS 
Opportunities  for: 

•  SYSTEMS/BUSINESS/ 
PROGRAMMER  ANALYSTS 

•  PROCESS  CAPABILITY 
ANALYST 

•  QC  ANALYST 

•  WEB  ARCHITECTS/ 
DEVELOPERS 

•  SYSTEMS  ANALYSTS 

•  WEB  GRAPHIC  DESIGNERS 

•  NETWORK  ENGINEERS 

•  PROGRAMMER/ANALYSTS 

•  SOFTWARE  ENGINEERS 
SKILLS: 

•  COLD  FUSION  •  SPECTRA 

•  ORACLE  •  VISUAL  BASIC 

•  VISUAL  C++  •  SIEBEL  •  ASP 

•  COM,  DCOM  •  JSP  •  HTML 

•  JAVA,  JAVA  BEAN  •  EJB  JAVA 
SERVLETS  •  WEBSPHERE 

•  IBM  MQ  SERIES  •  XML.UML 

•  MTS  •  CLARIFY  •  PERL 

•  OBJECTPERL • SPYPERL 

•  SMALLTALK  •  PL/SQL 

•  VISUAL  AGE  •  COBOL,  SPL, 
UNIX 

Visit  our  website  @ 
www.computerhorizons.com 
Attractive  salaries  and  benefits. 
Please  forward  your  resume  to 
H.R.  Mgr.,  Computer  Horizons 
Corp.,  49  Old  Bloomfield 
Avenue,  Mountain  Lakes,  New 
Jersey  07046-1495.  Call 
973-299-4000.  E-mail:  jobs@ 
computerhorizons.com.  An 
Equal  Opportunity  Employer  M/F, 


ASSOCIATE  PROGRAM¬ 
MER/ANALYST  -  Analyze, 
dsgn.,  dev’p,  conf.,  &  test 
comp.  Soft.  Prgms.  Req'd: 
MS  in  CS;  exp.  w/UNIX, 
HTML,  Java,  SOL  7.0, 
Oracle  9i.  XML,  JSP,  and 
Solaris.  Resumes:  Forest 
Laboratories,  Inc.  500  Corn- 
mack  Road,  Commack,  NY 
11725.  Attn:  C.  Cantalupo. 
Ref.  #2. 


SAP  Development  Lead  (APO  & 
BW)  -  Snr  level,  experience¬ 
intensive  lead  SAP  applications 
development  role  to  estimate 
requirements,  analyze,  design  & 
manage  overall  development, 
testing  &  support  highly  com¬ 
plex/customized  add-ons  to 
SAP's  "Advanced  Planner  & 
Optimizer"  ("APO”),  Business 
Warehouse  (“BW")  &  R/3  sys¬ 
tems  implemented  globally.  Will 
also  technically  mentor  less- 
experienced  SAP  staff,  perform 
resource  allocation  &  budget 
estimates.  Technical  oversight 
responsibilities  require  24/7  on 
call  availability.  Requires  a  Bach 
degree  (or  equivalent)  in  MIS, 
Comp  Science,  Computer  En¬ 
gineering,  Electrical  Eng,  Math 
or  relevant  field  plus  7  years  in 
job  offered  OR  7  yrs  exper  in 
application  development,  the 
majority  of  which  was  in  SAP 
R/3  and  at  least  1  yr  specifically 
involved  leading  a  development 
team  for  custom  enhancements 
of  SAP’s  Demand  Planning 
(“DP")  &  Supply  Network  Plan¬ 
ning  (“SNP")  modules,  inter¬ 
faced  with  SAP's  "BW".  Must 
also  possess  demonstrated  abil¬ 
ity  in  the  following:  (1)  configur¬ 
ing  &  customizing  Core  Interface 
(“CIF")  for  data  transfer  between 
R/3  &  APO;  (2)  designing  &  con¬ 
figuring  BW  infocubes,  infos- 
ources,  infosets,  datasources  & 
infopackages  &  interfacing  be¬ 
tween  BW  &  other  on-line  trans¬ 
action  processing  systems'  (3) 
designing,  developing  &  sup¬ 
porting  SAP  interfaces  using 
RealTech’s  Interface  Manage¬ 
ment  3  ("IM/3")  tool;  (4)  configur¬ 
ing,  extending  &  customizing 
data  extraction  using  Intermedi¬ 
ate  Documents  ("IDocs")  &  Ap¬ 
plication  Link  Enabling  (“ALE")  & 
(5)  independently  monitoring  & 
fixing  batch-cycle  problems  in 
SAP/UNIX/Autesys  job-schedul¬ 
ing  environment.  Sal:  $108,000/ 
yr,  9a-5p.  Send  2  copies  of  resu¬ 
me  only  to  Case  #  200300610. 
Division  of  Career  Services  L  a- 
bor  Certification  Unit,  19  Staf¬ 
ford  St.,  1st  fl.,  Boston.  MA 
02114.  Applicants  must  be  U.S 
workers  eligible  to  accept  fi.fi-  f 
time  employment  in  U.S 
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Computer  Professionals 

Computer  Consultants.  Inc. 
needs  top-notch  professionals 
w/consulting  exp.  in  some  of  the 
following  areas  or  combination 
thereof:  Java,  JSP  ,JDK  J2EE, 
XML,  JDBC/ODBC,  Websphere, 
MQ  Series,  EJB,  STRUTS,  Un¬ 
ix,  ECommerce,  PowerBuilder, 
Oracle  Financial  Applications, 
PL/SQL,  SQL'Plus,  SQL  Load¬ 
er,  Developer  2000,  Forms,  Re¬ 
ports,  TOAD,  Oracle  DBA,  Or¬ 
acle,  C,  C++,  VC++,  Erwin  Data 
Modelling/Designing,  Interwov¬ 
en  TeamSite,  ASP.NET,  C#,  Vis- 
ualStudio.NET,  XML,  XSLT,  SQL 
SERVER  2000,  Oracle,  Devel¬ 
oper  2000,  Crystal  Reports,  Sun 
Solaris,  Datawarehouse,  COG- 
NOS,  Informatica,  Datastage, 
COBOL,  JCL,  VSAM,  CICS, 
DB2,  MVS,  IMS,  VSAM,  Tera- 
data,  EDI  Gentran/Mercator, 
AS/400,  Lotus  Notes,  People- 
Soft  HR/Financials,  SAP  R/3 
and  ABAP/4,  Visual  Basic,  ATL- 
COM/DCOM,  CORBA,  Tuxedo, 
ColdFusion,  WinRunner,  Silk, 
LoadRunner,  Rational  Suite, 
SQA  Suite,  Visual  Basic,  MS 
SQL  Server,  BaaN  ERP,  sqlserv- 
er,  Test  Director,  Rational  Robot, 
Rational  Test  Manager,  Rational 
ClearQuest,  Rational  Requisite 
Pro,  PVCS,  QTP,  Crystal  re¬ 
ports,  Active  reports,  Corba, 
SAP,  Artifical  Intelligence,  SAS. 
Top  $.  Requires  Master's/Bach¬ 
elor's  degree  w/1  to  5  yrs  of  pro¬ 
fessional  exp.  Must  be  willing  to 
travel  to  client  sites  throughout 
the  U.S.  Please  email  resume  to 
resumes@computerconsultant 

inc.com  or  mail  to  CCI  INC,  222 
Turnpike  Rd,  Suite  9A,  West- 
boro,  MA01581. 


SYSTEM  ANALYST 

Analyze  business  and  all  other 
data  processing  problems  for 
application  to  electronic  data 
processing  systems.  Analyze 
user  requirements,  procedures, 
and  problems  to  automate  or 
improve  existing  systems  and 
review  computer  system  capa¬ 
bilities,  work-flow,  and  schedul¬ 
ing  limitations.  Bachelor  of  Sci¬ 
ence  in  Computer  Science  and 
two  years  experience  required  in 
Java,  Java-script,  HTML,  C++, 
Windows,  Oracle,  MS  Access, 
Unix,  Fox-base,  COBOL,  and 
Perl.  $74000  per  year.  Qualified 
applicants  submit  resumes  to 
Samuel  J.  Grosso,  Vice  Presi¬ 
dent,  Kimso  Apartments,  Inc., 
240  Parkhill  Avenue  Staten 
Island,  NY  10304. 


Amtex  Systems  seeks  Software, 
System  Engineers,  DBA  to 
design  Oracle/DB2,  web-based 
applications.  Req:  MS  or  BS 
with  exp.  Job  site:  various  of  the 
country  including  Detroit,  Ml. 
Travel  maybe  required  for  some 
positions.  Please  send  resume 
to  info@amtexsystems.com. 
EOE. 

Computer  Contract  Services, 
Inc.  has  openings  for  Sr.  IT 
Consultants.  Job  site:  Ann  Arbor, 
Michigan.  Minimum  requirement 
is  BS  with  2-yr  experience  using 
the  SAS  system,  Unix  &  NT  plat¬ 
forms.  Competitive  wage  with 
full  benefits.  Please  contact 
ken.schmidt@ccsiteam.com. 
EOE. 


Oracle  Database  Administra¬ 
tor:  To  administer  Oracle 
RDBMS,  9i  App  Server,  Ap¬ 
plications  11.0.3  (Financials) 
Oracle  Collaboration  suite.  FT 
position  &  competitive  salary. 
Requires:  MS  -  Information 
Management  or  computer  sci¬ 
ence,  3  yrs  experience,  & 
Oracle  Certified  Professional. 
Send  resumes  to:  Karen 
Cumber  (Administrative  As¬ 
sistant)  HR,  Allen  Lund 
Company,  4529  Angeles 
Crest  Hwy,  #300B,  La 
Canada,  CA  91011  or  E-Mail 
to  resume@allenlund.com. 


INFORMATION  TECH 

RevereData  LLC  seeks  candi¬ 
dates  for  the  following  positions 
in  downtown  SF: 

Sr.  System  Administrator  - 
Exp  in  design  &  support  of  real¬ 
time  financial  systems  on  multi¬ 
platform  environ. 

Senior  Architect  -  Exp  in  des¬ 
ign  architecture  of  applications 
in  the  multi-tier,  multi-platform 
environ. 

Data  Architect  -  Exp  in  data 
modeling,  ORACLE,  ETL, 
OLAP,  ERD,  UML,  IDEF1X, 
J2EE,  Unix  Shell. 

Senior  Software  Engineer  - 
Exp  in  Java/Web  Ul  developer, 
3+  yr„  Oracle,  J2SE,  XSLT, 
DHTML. 

Senior  Database  Admin.  -  Exp 

w/Oracle/MS  SQL  on  multi-plat¬ 
form  environ. 

Software  Engineer  -  Real-time 
Software  developer  w/exp  in  Cl 
C++,  TCP/IP  networking,  IP  pro¬ 
tocols  design,  Oracle. 

To  Apply:  Send  resume  w/refer- 
ence  to  position  sought  to  HR 
Department,  Revere  Data,  Jobs 
LC05,  222  Sutter  St.,  Suite  450, 
San  Francisco,  CA  94108. 


Research  Engineer  for  EM 
s/w  development  with  MS  in 
EE  or  related  field  &  min  3 
yrs  exp  in  FDTD  code 
development.  Duties  in¬ 
clude:  developing  efficient 
serial  &  parallel  CFDTD 
Maxwell  solver  engines  on 
a  PC  cluster  &  tools  for 
visualization  of  the  simulat¬ 
ed  results.  Mail  resume  to 
RM  Associates  (RMA), 
1211  Deerfield  Dr,  State 
College,  PA  1 6803-2207,  or 
fax  to  814-865-1299. 


Software  Engineer  wanted  by 
AS  Systems  working  in  Austin 
to  develop  S/W  on  CTI,  call 
center  IVP  using  skills  such  as 
TSAPI,  TAPI  &  integration  with 
AVAYA,  Nortel  switches,  em¬ 
bedded  system  programming. 
Please  send  resumes  to  9600 
Greant  Hill  Trail,  Ste  150W, 
Austin,  TX  78759. 

Internet  Operation  Center 
(IOC)  seeks  software/project 
engineers,  analysts,  DBA.  Dut¬ 
ies  include  quality  assurance, 
use  Oracle,  Web  Tech,  VB, 
DB2,  ASP,  C/C++,  XML,  Java/ 
Script.  Must  have  MS  or  BS 
plus  experience.  Job  site: 
Southfield,  Ml.  Please  apply  at 
resume@iocenter.net.  EOE. 


Programmer  Analyst:  Design, 
develop,  analyze,  test,  and  rec¬ 
ommend  software  requirements 
for  database  applications  as  well 
as  develop  and  perform  data¬ 
base  management  for  leading 
industry  clients.  Use  object-ori¬ 
ented  programming  using 
Oracle,  Java,  Perl,  XML,  Solaris, 
Web  logic,  C++  and  current  Web 
Technologies  in  Windows,  Unix 
and  Linux  environments.  Need 
Bachelors  Degree  in  Comp. 
Science  or  MIS  or  related  &  2 
yrs  of  exp.  Send  Resumes  to 
HR.  Asset  Optimization  Group, 
Inc.,  11200  Richmond,  Suite 
470,  Houston,  TX  77082  or  E- 
mail:  hr@aogtech.com 


SYSTEMS  ANALYST 

Analyzes  user  requirements, 
procedures  and  problems  to  au¬ 
tomate  processing  or  to  improve 
existing  computer  systems.  BS 
in  CS  or  IS  or  eng.  or  math-relat¬ 
ed  and  2  yrs.  Exp.  in  job  offered. 
Must  be  able  to  travel.  Incl.  in 
the  2  yrs.,  must  have  2  yrs.  exp. 
with  various  computer  skill  sets 
such  as:  C #,  VB.NET,  ASP  .Net, 
ADO. Net,  Visual  Basic,  ASP, 
COM,  ActiveX,  JAVA,  C++,  D- 
HTML,  VBScript,  XML,  .NET  & 
J2EE  architecture,  WinForms, 
WebForms,  Web  Services,  Cry¬ 
stal  Report  9.0  Designer,  Oracle, 
MS  SQL  Server,  MS  Access,  ER 
Diagram,  MS  SharePoint  &  SAP 
Sales  Module  and  SDLC.  40 
Hrs./wk.  9  to  5,  Mon-Fri;  No 
overtime.  $57,450/yr.  Apply  re¬ 
sume  to  Attn  Nagesh  Ganta, 
Capricorn  Systems,  Inc.,  3569 
Habersham-at-Northlake,  Build¬ 
ing  K, Tucker,  GA  30084. 


VLS  Systems  has  openings  for 
the  following  positions  to  work  at 
client  sites  throughout  the  Unit¬ 
ed  States:  Software  Engineers, 
Programmer  Analysts,  DBA's, 
and  Project  Managers  with  ex¬ 
perience  in  any  of  the  following 
tools  and  technologies:  Java 
Technologies,  Informatica,  Bus¬ 
iness  Objects,  OOA/OOD,  Orac¬ 
le  Technologies,  Solaris,  Lotus 
Notes,  Domino,  ETL  Processes, 
Hyperion  Essbase,  MS  Analysis 
Services,  Datawarehouseing, 
Perl,  Tuxedo,  DTS,  Websphere, 
Weblogic,  Rational  Rose,  XML, 
XSL,  PL/SQL,  C++,  BRIO,  ERP, 
SAP,  EJB’s  COM,  AS/400, 
DCOM,  Peoplesoft,  SQL  Server, 
T-SQL,  Shell  Scripts,  COBOL, 
JCL,  JMS,  Swing,  Entity  Beans, 
DB2,  EAI,  Biztalk,  and  .net  tech¬ 
nologies  including  ASP,  ADO, 
VB  and  C#.  Send  resume  to: 
VLS  Systems,  9900  Main  Street, 
Ste.  304,  Fairfax,  VA  22031. 


Technical  Writer,  Northport,  AL: 
Analyze  &  document  client  busi¬ 
ness  processes  to  integrate 
technology.  Prep,  system  &  pro¬ 
gram  specifications;  document 
program  &  system  logic;  prep.  & 
maintain  user  guides  &  technical 
manuals;  monitor  system  chang¬ 
es;  develop  &  document  recov¬ 
ery  plans,  standard  ops  proce¬ 
dures  &  equip,  maintenance. 
Req:  Bachelors  (or  foreign, 
equiv  or  eqiv.  in  experience  and/ 
or  education  in  Computer  or 
Business  fields  +  2  yrs  exp.  in 
job  or  2  yrs  performing  technical 
documenting  of  business  sys¬ 
tems.  Mail  resume  to  Applied 
Infotech,  501  Bridge  Ave, 
Northport,  AL  35746. 


Test  Engineer 

Develop  and  debug 
complex  ICT  test  pro¬ 
grams  on  the  HP3070. 
B.S.  Elec  or  Comp 
Eng.  req.,  Extensive 
knowledge  of  HP3070 
platform  req.  2  yrs  exp. 
req.  Comp  salary. 
Email  resume  to 
John@apatest.com. 

APG  Test  Consultants. 
Longmont,  CO. 


Systems  Administrator  sought 
by  North  American  Color, 
experienced  with  Network 
Design,  Installation,  Mainten¬ 
ance,  Troubleshooting,  Admin¬ 
istration,  and  Disaster  Recov¬ 
ery  skills.  Applicants  must 
have  MS/BS  in  Computer  Sci¬ 
ence  or  Engineering  with  relat¬ 
ed  experience.  NAC  provides 
a  competitive  salary  and  bene¬ 
fits.  Send  Resume  to:  HR 
Dept.,  5960  S.  Sprinkle  Road, 
Portage,  Ml  49002  or  email  to 
funger@nac-mi.com.  EOC. 


AT  ENTION: 

Law  Firm 
IT  Consultants 
Staffing  Agencies 


Place  your 
Labor  Certification 
ads  here! 

Are  you  frequently  placing 
legal/ immigration  advertisements  ? 
Let  us  help  you  put  together  a 
cost  effective  program  that  will 
make  this  time-consuming 
task  a  little  easier. 

Contact:  Danielle  Tetreault  at: 
800-762-  2977 
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IT  Careers  offers  you 
information  on  the  most 
relevant  career  management 
topics  relative  to  IT 
recruitment. 

Here’s  what’s  coming  up  next: 

March  14:‘ 

IT’s  #1  Career  Choice 

March  28: 

Financial  Services 


Be  sure  to  take  advantage  of  this 
great  opportunity  to  brand  your 
company  or  display  your  recruitment 
message  in  IT  Careers  amid  these 
specialized  editorials 


Contact  us: 

800-762-2977 


Visit  us  at: 


www.itcareers.com 

Powered  By: 
tjfl  CareerJounial.com 
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BackSpin 


Mark  Gibbs 


Rendering  verdicts 


OK,  the  verdict  is  in.  Or  rather, 
it  isn’t.  Last  week  i  posed  a  triv¬ 
ial  technical  terminology  ques¬ 
tion:  Do  applications  run  “on”  operat¬ 
ing  systems  (my  esteemed  editor, 

Mr.  Dix.says  this  is  correct)  or  do 
they  run  “under”  them  (that  is  my 
choice). 

Well,  dear  reader,  the  vote  split  roughly  50-50. 
Perhaps  the  most  complex  response  came  from 
reader  Bob  Hayes: “1  must  confess  that  I  tend  to  use 
‘on’  and  ‘in’  but  rarely  ‘under’  to  describe  my  appli¬ 
cations’  running  habits  (that  is, ‘I’m  running 
Entourage  on  Mac  OS  X  right  now;’  but  ‘I’ve  used 
programs  in  Classic’  in  the  past.)  So,‘in’lon’  and 
‘under’  all  seem  to  be  valid  states.” 

Bob  continued:“There’s  a  mnemonic  I  remember 
from  school  that  a  preposition  is  anywhere  a  cat 
can  go,  but  apparently  a  preposition  is  also  any¬ 
where  an  application  can  run.  I’ve  heard  of  applica¬ 
tions  running  ‘behind ’‘over’ ‘with’  and  even 
‘through’  other  applications.  Hmmm.” 

So  now  that  we’ve  totally  failed  to  reach  a  verdict 
about  that,  we’ll  move  on  to  more  important  cases. 

Last  week  my  esteemed  editor  penned  his  take 
on  the  state  of  Linux  (www.nwfusion.com,  Doc- 
Finder:  6090)  after  a  visit  to  the  LinuxWorld 
Conference  and  Expo  in  Boston.  Mr.  Dix’s  verdict? 


The  title  of  his  editorial  said  it  all:“Linux:  Ready, 
willing  and  able.” 

Despite  that  thumbs  up,  the  current  sailing  condi¬ 
tions  for  Linux  aren’t  so  smooth.  As  the  editorial 
noted, “the  most  troubling  questions  about  Linux 
aren’t  technical,  but  legal  in  nature.” 

Indeed,  just  last  week  Judge  Dale  Kimball  for  the 
District  of  Utah  denied  IBM’s  motions  to  dismiss 
and  for  partial  summary  judgment  in  The  SCO 
Group’s  $3  billion  lawsuit  against  it  over  alleged 
copyright  infringement  of  Unix  code  owned  by 
SCO. 

The  judge  commented  that  “it  is  astonishing  that 
SCO  has  not  offered  any  competent  evidence  to 
create  a  disputed  fact  regarding  whether  IBM  has 
infringed  SCO’s  alleged  copyrights  through  IBM’s 
Linux  activities.” 

Despite  that,  and  a  stack  of  other  issues  in  the 
way  SCO  has  acted  in  the  case,  the  judge  was 
unwilling  to  grant  summary  judgment.  I  am  not  a 
lawyer  nor  do  I  play  one  on  television,  so  the  rea¬ 
soning  behind  denial  seems  a  little  arcane  to  me. 
As  far  as  I  can  understand,  it  is  apparently  because 
the  judge  does  not  want  to  risk  seeing  his  final  rul¬ 
ing  reversed  on  appeal,  something  that  is,  so  I 
understand^  terribly  embarrassing  thing  for  a 
judge. 

But  it  is  not  just  SCO  creating  fear,  uncertainty  and 


www.nwfusion.Gom 


doubt.  Just  consider  the  heavy  media  coverage  of  a 
study  presented  at  the  recent  RSA  Conference  that 
rendered  a  surprising  verdict:  Windows  is  more 
secure  than  Linux  (see  the  report  from  The  Seattle 
Times  at  DocFinder:  6091). 

The  researchers,  Richard  Ford,  a  computer  sci¬ 
ence  professor  at  the  Florida  Institute  of  Technol¬ 
ogy,  and  Herbert  Thompson,  director  of  security 
research  and  training  at  security  company  Security 
Innovation,  compared  Windows  Server  2003  with 
Red  Hat  Enterprise  Server  3. 

Unfortunately,  the  report  won’t  be  publicly  avail¬ 
able  until  the  middle  of  March,  but  according  to 
the  The  Seattle  Times  report,  the  research  consid¬ 
ered  a  range  of  factors  that  “included  the  number 
of  reported  vulnerabilities  and  their  severity  as  well 
as  the  number  of  patches  issued  and  days  of  risk 
—  the  period  from  when  a  vulnerability  is  first 
reported  to  when  a  patch  is  issued.” 

What  I  can  find  out  about  the  report’s  conclusions 
doesn’t  sound  conclusive.  But  it’s  weird  that  so 
many  media  outlets  would  cover  the  story  so  pro¬ 
foundly  despite  the  report  being  vaporware.  Why 
delay  releasing  the  report?  Given  the  predictable 
interest  in  its  conclusions,  it  seems  odd  that  they 
would. The  jury  is  out  until  the  report  is  released. 

Your  verdict  to  backspin@gibbs.com. 


uzz  News,  insights,  opinions  and  oddities 


By  Paul  McNamara 


Service  calls  in  a  New  Yawk  minute 

ComputerRepair.com  is  headquar¬ 
tered  in  Boca  Raton,  Fla.,  but  company 
founder  Jeff  Leventhal  speaks  classic  New  Yawk  as  he  rat-a-tat-tats  his  way 
through  a  half-hour  pitch  that  sounds  more  like  one  of  those  sports-gambling 
touts  on  TV  than  your  typical  chief  executive. 

Not  that  there's  anything  wrong  with  it:The  man  is  simply  convinced  that  he 
has  built  a  better  mousetrap  and  that  the  IT  services  world  is  already  beating 
a  path  to  his  virtual  door.  I'll  vouch  only  for  his  enthusiasm  —  and  let  him  tell 
his  story. 

Leventhal's  18-employee  company  provides  an  online  marketplace  through 
which  some  8,000  registered  IT  professionals  situated  throughout  every  ZIP 
code  in  the  country  provide  on-site  services  to  2,000  businesses  big  and  small, 
and  the  occasional  home  user.The  company  facilitated  its  first  work  order  last 
April  14  and  already  processes  about  1,000  per  day,  with  a  goal  of  pushing  that 
to  10,000,  he  says.  About  150  new  techs  sign  on  every  week. 

According  to  Leventhal,  three  claims  to  fame  set  ComputerRepair.com  apart 
from  other  companies  that  attempt  to  connect  sellers  and  buyers  of  IT  ser¬ 
vices:  absurdly  fast  response  times,  low  market-driven  prices  and  a  full-satis¬ 
faction  guarantee. 

“Here’s  a  stat  that  will  blow  you  away,”  he  promises.  "On  average  our  calls 
[to  techs  about  an  available  job]  are  accepted  within  6  minutes  and  a  tech  is  in 
route  to  the  problem  within  20  minutes.  Now  we  didn’t  build  the  system  to  do 
that,  it  just  does  it  because  it  works  like  a  real  market." 

What  he  means  by  "like  a  real  market"  is  that  ComputerRepair.com  doesn't 
set  any  prices,  as  the  prices  are  determined  by  a  combination  of  what  the  cus¬ 
tomer  is  willing  to  pay  and  who  among  the  nearby/qualified  techs  is  willing  to 
accept  those  terms.  ComputerRepair.com  charges  $11  to  open  a  work  order 


and  rakes  in  10%  of  the  eventual  fee  once  the  client  signs  off  on  the  completed 
job. 

"Typically,  you  go  to  a  service  company  and  say,  ‘Here’s  my  problem,  what  are 
you  going  to  charge  me  to  fix  it?' With  us  you’re  saying,  ‘I  have  money  on 
account,  I  need  XYZ  work  done  today,  and  here’s  what  i  want  to  pay  to  have  it 
done.  Who  wants  it?”'  he  says.  "Then  they  send  [the  order]  out  to  those  people 
who  they  want  to  get  the  order  and  the  first  one  to  take  it  gets  it.That's  the 
fundamental  difference  on  how  we  work." 

Customer  savings  are  realized  by  eliminating  the  layers  of  middlemen  who 
tend  to  drive  up  costs  of  outsourced  IT  projects  as  work  gets  farmed  from  pri¬ 
mary  contractor  to  subcontractor  and  beyond,  Leventhal  says. 

"With  my  model  —  because  I’ve  cut  out  the  five  handoffs  in  between  —  the 
client  pays  half  [of  what  he  might  otherwise]  and  the  tech  makes  more.They 
love  it,”  he  says.  “I  can  give  you  an  MCSE  anywhere  in  the  country  for  $52  an 
hour;  nobody  can  come  close  to  that,  OK.  But  for  the  MCSE,  $52  an  hour  is 
equivalent  to  $110,000  a  year. The  average  salary  for  an  MCSE  is  $62,000. They 
make  more  on  my  system,  and  clients  pay  less.” 

Of  course,  this  only  adds  up  to  a  win-win  for  all  concerned  if  the  work  gets 
done  well,  right? 

"By  the  way,  we  close  out  99.7%  of  our  calls  with  a  six-out-of-six-star  rating, 
that’s  a  fact,”  Leventhal  boasts.  “It’s  an  impossible  metric.  No  service  company 
in  the  world  can  touch  it  —  nobody." 

Don’t  ask  me  to  vouch  for  the  impossible,  but  that's  what  the  man  says.  In 
fact,  he  says  the  number  is  actually  higher  than  99.7%  but  he's  "embarrassed” 
to  say  so. 

Because  we  were  on  the  phone,  1  couldn't  see  if  his  face  turned  red,  but  it 
wouldn’t  be  in  character. 

Had  any  experience  with  ComputerRepair.com?  Let  me  know.  The  address  is 
buzz@nww.com. 


NetVanta  1224R/1224STR  Series 

Network-in-a-Box  with 
Switch/Router/Firewall/VPN/DSU/CSU 


802.3af 
Power  over 
Ethernet 


NetVanta  1224/1224ST  Series 

,  Managed  Fast  Ethernet  and 
_  Powered  Ethernet  Switches 


NetVanta  1524ST 

Managed  Gigabit  Ethernet  Switch 


Is  voice  and  data  networking  costing  you  more  than  it  should? 

You  no  longer  have  to  pay  premium  prices  for  brand  name 
gear  to  perform  customary  internetworking  tasks.  With  the 
NetVanta  Series  from  ADTRAN®,  you  can  implement  the  exact 
internetworking  functionality  you  need,  at  a  cost  that’s 
often  50%  less  than  competing  brand  name  solutions. 
Choose  from  switching,  routing,  and  VPN  platforms. 
Modular  chassis  and  deep  product  lines  let  you  pick 
and  choose  just  the  right  solution  for  any  application — 
data,  voice,  VoIP,  Internet,  backup,  and  management — 
across  networks  ranging  from  56  kbps  to  GigE.  Every 
solution  is  backed  by  a  100%  satisfaction  guarantee  from 
ADTRAN,  unlimited  telephone  technical  support  (before  and 
after  the  sale),  free  firmware  upgrades,  and  a  full  5-year  warranty. 


NetVanta  340 

Business-class  ADSL2+  Router 


Lower  network 
costs  without 
compromising 
quality,  performance, 
or  support  —  with 
NetVanta. 


NetVanta  3200 

Modular  2xT1/ADSL2+  Branch  Office 
Routers  with  Firewall/VPN/Voice/Dial  Backup 


NetVanta  3205/3305/4305 

Modular  2xT1/3xT1/8xT1  Routers  with 
Firewall/VPN/Voice/Dial  Backup 


Why  pay  more  (when  you  don’t  have  to)? 


NetVanta  5305 

Modular  2xT3  Router  with  Firewall/VPN 


Compare  now!  Receive  a  free  white  paper 
on  reducing  total  cost  of  ownership. 

www.adtran.com/rightprice 


NetVanta  2050/2054/2100 

Flome  Office/Small  Office  VPN  Gateways 
with  Firewall/Multi-Port  Switch 


Have  a  question  about  network  design?  How  to  implement 
VoIP  in  your  network?  Our  network  engineers  are  standing  by. 

800  596  9602  Technical  Questions 
877  280  8416  Where  to  Buy 


NetVanta  2300/2400 

Medium  to  Large  Office  VPN 
Gateways  with  Firewall 


The  Network  Access  Company 


Copyright^  2005  ADTRAN  Inc.  All  rights  reserved.  ADTRAN  and  NetVanta  are  registered  trademarks 
of  ADTRAN,  Inc.  Five-year  warranty  applies  in  North  America  and  Europe.  EN89A022805NW 
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VolQ 

Th  smart  Vo  P  so  ution 

system  is  built  on  open  standards  and  tits  seamlessly 
into  any  network  configuration.  Voice,  data,  video,  and 
tax  are  integrated  into  a  single,  scalable  appliance. 
Inti  ued?  Learn  more  2  LI  L  T  Y  S 

at  http://nw.zultys.com  i  .  ,  _  V V  \  '  f  i /V  f ' /  /A ' V tV  V' 


There’s  a  lot  to  think  about  when  choosing  the  best  VoIP 
system  tor  your  business.  But  the  solution  is  actually 
quite  simple  —  literally.  It’s  Zultys.  Our  intelligent  solutions 
provide  the  difference  between  just  Vc  P  a:  Vo  Q. 
Easy  to  implement  and  manage,  our  communications 


